
Test ID: 1.3.6.1.4.1.25623.1.0.105948
Category: JunOS Local Security Checks
Title: Junos SSL Session Injection Vulnerability
Summary: Junos OS is prone to an OpenSSL session injection and denial of service vulnerability.
Description: Summary:
Junos OS is prone to an OpenSSL session injection and denial
of service vulnerability.

Vulnerability Insight:
A race condition in the ssl3_read_bytes function can allow
remote attackers to inject data across sessions or cause a denial of service. This flaw only affects
multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which
is not the default and not common.

Vulnerability Impact:
A remote attacker might inject data across sessions or cause a
denial of service.

Affected Software/OS:
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2 and 13.3

Solution:
New builds of Junos OS software are available from Juniper.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:P

Cross Reference: BugTraq ID: 66801
Common Vulnerability Exposure (CVE) ID: CVE-2010-5298
http://www.securityfocus.com/bid/66801
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Cisco Security Advisory: 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201407-05.xml
HP Security Advisory: HPSBGN03068
http://marc.info/?l=bugtraq&m=140544599631400&w=2
HP Security Advisory: HPSBHF03052
http://marc.info/?l=bugtraq&m=141658880509699&w=2
HP Security Advisory: HPSBMU03051
http://marc.info/?l=bugtraq&m=140448122410568&w=2
HP Security Advisory: HPSBMU03055
http://marc.info/?l=bugtraq&m=140431828824371&w=2
HP Security Advisory: HPSBMU03056
http://marc.info/?l=bugtraq&m=140389355508263&w=2
HP Security Advisory: HPSBMU03057
http://marc.info/?l=bugtraq&m=140389274407904&w=2
HP Security Advisory: HPSBMU03062
http://marc.info/?l=bugtraq&m=140752315422991&w=2
HP Security Advisory: HPSBMU03074
http://marc.info/?l=bugtraq&m=140621259019789&w=2
HP Security Advisory: HPSBMU03076
http://marc.info/?l=bugtraq&m=140904544427729&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2014:090
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest
http://openwall.com/lists/oss-security/2014/04/13/1
OpenBSD Security Advisory: [5.5] 004: SECURITY FIX: April 12, 2014
http://www.openbsd.org/errata55.html#004_openssl
http://secunia.com/advisories/58337
http://secunia.com/advisories/58713
http://secunia.com/advisories/58939
http://secunia.com/advisories/58977
http://secunia.com/advisories/59162
http://secunia.com/advisories/59287
http://secunia.com/advisories/59300
http://secunia.com/advisories/59301
http://secunia.com/advisories/59342
http://secunia.com/advisories/59413
http://secunia.com/advisories/59437
http://secunia.com/advisories/59438
http://secunia.com/advisories/59440
http://secunia.com/advisories/59450
http://secunia.com/advisories/59490
http://secunia.com/advisories/59655
http://secunia.com/advisories/59666
http://secunia.com/advisories/59669
http://secunia.com/advisories/59721
SuSE Security Announcement: SUSE-SU-2015:0743
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
Copyright: This script is Copyright (C) 2015 Greenbone Networks GmbH





© 1998-2020 E-Soft Inc. All rights reserved.