Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.106046
Categoría:JunOS Local Security Checks
Título:Junos OpenSSH Restriction Bypass Vulnerability
Resumen:Junos OS is prone to a restriction bypass vulnerability in OpenSSH.
Descripción:Summary:
Junos OS is prone to a restriction bypass vulnerability in OpenSSH.

Vulnerability Insight:
A vulnerability in OpenSSH may allow a remote network based
attacker to effectively bypass restrictions on number of authentication attempts, as defined by
MaxAuthTries settings on Junos.

Vulnerability Impact:
The vulnerability may enable brute force password attacks to gain
access to the device.

Affected Software/OS:
Junos OS 12.1, 12.3, 13.2, 13.3, 14.1, 14.2 and 15.1

Solution:
New builds of Junos OS software are available from Juniper. As a
workaround disable password based authentication completely, and implement key based authentication
exclusively in the SSH server configuration.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5600
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 75990
http://www.securityfocus.com/bid/75990
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
BugTraq ID: 92012
http://www.securityfocus.com/bid/92012
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
http://seclists.org/fulldisclosure/2015/Jul/92
https://security.gentoo.org/glsa/201512-04
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
http://openwall.com/lists/oss-security/2015/07/23/4
RedHat Security Advisories: RHSA-2016:0466
http://rhn.redhat.com/errata/RHSA-2016-0466.html
http://www.securitytracker.com/id/1032988
SuSE Security Announcement: SUSE-SU-2015:1581 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
http://www.ubuntu.com/usn/USN-2710-1
http://www.ubuntu.com/usn/USN-2710-2
CopyrightThis script is Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.