ID de Prueba:	1.3.6.1.4.1.25623.1.0.106065
Categoría:	JunOS Local Security Checks
Título:	Juniper Networks Junos OS OpenSSH Information Leak and Buffer Overflow Vulnerability
Resumen:	Junos OS is prone to an information leak and;buffer overflow vulnerability in the OpenSSH client.
Descripción:	Summary: Junos OS is prone to an information leak and buffer overflow vulnerability in the OpenSSH client. Vulnerability Insight: CVE-2016-0777 and CVE-2016-0778 were released by Qualys and cross-announced by OpenSSH on 2016-01-14. The attack vector leading to potential compromise in these scenarios relates to a session initiated from a Junos OS device using the SSH client to an external SSH server. Vulnerability Impact: A malicious SSH server can obtain sensitive information (e.g. private key) or cause a denial of service condition. Affected Software/OS: Junos OS 12.1, 12.3, 13.3, 14.1, 14.2 and 15.1 Solution: New builds of Junos OS software are available from Juniper. CVSS Score: 4.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0777 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html BugTraq ID: 80695 http://www.securityfocus.com/bid/80695 Bugtraq: 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 (Google Search) http://www.securityfocus.com/archive/1/537295/100/0/threaded Debian Security Information: DSA-3446 (Google Search) http://www.debian.org/security/2016/dsa-3446 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html FreeBSD Security Advisory: FreeBSD-SA-16:07 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc http://seclists.org/fulldisclosure/2016/Jan/44 https://security.gentoo.org/glsa/201601-01 http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html http://www.openwall.com/lists/oss-security/2016/01/14/7 http://www.securitytracker.com/id/1034671 SuSE Security Announcement: SUSE-SU-2016:0117 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html SuSE Security Announcement: SUSE-SU-2016:0118 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html SuSE Security Announcement: SUSE-SU-2016:0119 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html SuSE Security Announcement: SUSE-SU-2016:0120 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:0127 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html SuSE Security Announcement: openSUSE-SU-2016:0128 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html http://www.ubuntu.com/usn/USN-2869-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-0778 BugTraq ID: 80698 http://www.securityfocus.com/bid/80698
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.