JunOS Local Security Checks : Juniper Networks Junos OS OpenSSL Information Disclosure Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105949
Categoría:	JunOS Local Security Checks
Título:	Juniper Networks Junos OS OpenSSL Information Disclosure Vulnerability
Resumen:	Junos OS is prone to a OpenSSL side channel attack which leads to;information disclosure.
Descripción:	Summary: Junos OS is prone to a OpenSSL side channel attack which leads to information disclosure. Vulnerability Insight: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. Vulnerability Impact: A local attacker obtain ECDSA nonces. Affected Software/OS: Junos OS 11.4, 12.1, 12.2, 12.3, 13.1 and 13.2 Solution: New builds of Junos OS software are available from Juniper. CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0076 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl 58492 http://secunia.com/advisories/58492 58727 http://secunia.com/advisories/58727 58939 http://secunia.com/advisories/58939 59040 http://secunia.com/advisories/59040 59162 http://secunia.com/advisories/59162 59175 http://secunia.com/advisories/59175 59264 http://secunia.com/advisories/59264 59300 http://secunia.com/advisories/59300 59364 http://secunia.com/advisories/59364 59374 http://secunia.com/advisories/59374 59413 http://secunia.com/advisories/59413 59438 http://secunia.com/advisories/59438 59445 http://secunia.com/advisories/59445 59450 http://secunia.com/advisories/59450 59454 http://secunia.com/advisories/59454 59490 http://secunia.com/advisories/59490 59495 http://secunia.com/advisories/59495 59514 http://secunia.com/advisories/59514 59655 http://secunia.com/advisories/59655 59721 http://secunia.com/advisories/59721 60571 http://secunia.com/advisories/60571 66363 http://www.securityfocus.com/bid/66363 HPSBGN03050 http://marc.info/?l=bugtraq&m=140482916501310&w=2 HPSBMU03051 http://marc.info/?l=bugtraq&m=140448122410568&w=2 HPSBMU03056 http://marc.info/?l=bugtraq&m=140389355508263&w=2 HPSBMU03057 http://marc.info/?l=bugtraq&m=140389274407904&w=2 HPSBMU03062 http://marc.info/?l=bugtraq&m=140752315422991&w=2 HPSBMU03074 http://marc.info/?l=bugtraq&m=140621259019789&w=2 HPSBMU03076 http://marc.info/?l=bugtraq&m=140904544427729&w=2 HPSBOV03047 http://marc.info/?l=bugtraq&m=140317760000786&w=2 HPSBUX03046 http://marc.info/?l=bugtraq&m=140266410314613&w=2 MDVSA-2014:067 http://www.mandriva.com/security/advisories?name=MDVSA-2014:067 MDVSA-2015:062 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 SSRT101590 USN-2165-1 http://www.ubuntu.com/usn/USN-2165-1 http://advisories.mageia.org/MGASA-2014-0165.html http://eprint.iacr.org/2014/140 http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=isg400001841 http://www-01.ibm.com/support/docview.wss?uid=isg400001843 http://www-01.ibm.com/support/docview.wss?uid=swg21673137 http://www-01.ibm.com/support/docview.wss?uid=swg21676035 http://www-01.ibm.com/support/docview.wss?uid=swg21676062 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://www-01.ibm.com/support/docview.wss?uid=swg21676419 http://www-01.ibm.com/support/docview.wss?uid=swg21676424 http://www-01.ibm.com/support/docview.wss?uid=swg21676501 http://www-01.ibm.com/support/docview.wss?uid=swg21676655 http://www-01.ibm.com/support/docview.wss?uid=swg21677695 http://www-01.ibm.com/support/docview.wss?uid=swg21677828 http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm http://www.novell.com/support/kb/doc.php?id=7015264 http://www.novell.com/support/kb/doc.php?id=7015300 http://www.openssl.org/news/secadv_20140605.txt http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html https://bugs.gentoo.org/show_bug.cgi?id=505278 https://bugzilla.novell.com/show_bug.cgi?id=869945 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 https://kc.mcafee.com/corporate/index?page=content&id=SB10075 openSUSE-SU-2014:0480 http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html openSUSE-SU-2016:0640 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Copyright	Copyright (C) 2015 Greenbone AG