Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.106048
Categoría:JunOS Local Security Checks
Título:Junos Multiple OpenSSL Vulnerabilities
Resumen:The OpenSSL library used in Junos OS is prone to multiple;vulnerabilities.
Descripción:Summary:
The OpenSSL library used in Junos OS is prone to multiple
vulnerabilities.

Vulnerability Insight:
The OpenSSL library used in Junos OS is prone to multiple
vulnerabilities.
CVE-2015-1791: Race condition in the ssl3_get_new_session_ticket function.
CVE-2015-1793: Error in the implementation of the alternative certificate chain logic.
CVE-2015-1790: DoS vulnerability in the PKCS7_dataDecode function.
CVE-2015-1792: DoS vulnerability in the do_free_upto function.
CVE-2015-1788: DoS vulnerability in the BN_GF2m_mod_inv function.
CVE-2015-1789: DoS vulnerability in the X509_cmp_time function.

Vulnerability Impact:
The vulnerabilities range from denial of service to security bypass.

Affected Software/OS:
Junos OS 12.1, 12.3, 13.2, 13.3, 14.1, 14.2 and 15.1

Solution:
New builds of Junos OS software are available from Juniper. As a
workaround disable J-Web and disable SSL service for JUNOScript and only use Netconf.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-1791
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 75161
http://www.securityfocus.com/bid/75161
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Cisco Security Advisory: 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
Debian Security Information: DSA-3287 (Google Search)
http://www.debian.org/security/2015/dsa-3287
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
https://security.gentoo.org/glsa/201506-02
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
HPdes Security Advisory: HPSBUX03388
http://marc.info/?l=bugtraq&m=143880121627664&w=2
HPdes Security Advisory: SSRT102180
NETBSD Security Advisory: NetBSD-SA2015-008
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
RedHat Security Advisories: RHSA-2015:1115
http://rhn.redhat.com/errata/RHSA-2015-1115.html
http://www.securitytracker.com/id/1032479
SuSE Security Announcement: SUSE-SU-2015:1143 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
SuSE Security Announcement: SUSE-SU-2015:1150 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:1182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:1184 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
SuSE Security Announcement: SUSE-SU-2015:1185 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
SuSE Security Announcement: openSUSE-SU-2015:1139 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://www.ubuntu.com/usn/USN-2639-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1793
BugTraq ID: 75652
http://www.securityfocus.com/bid/75652
Cisco Security Advisory: 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
https://www.exploit-db.com/exploits/38640/
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html
FreeBSD Security Advisory: FreeBSD-SA-15:12
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc
https://security.gentoo.org/glsa/201507-15
HPdes Security Advisory: HPSBGN03424
http://marc.info/?l=bugtraq&m=144370846326989&w=2
http://www.securitytracker.com/id/1032817
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427
Common Vulnerability Exposure (CVE) ID: CVE-2015-1790
BugTraq ID: 75157
http://www.securityfocus.com/bid/75157
HPdes Security Advisory: HPSBGN03371
http://marc.info/?l=bugtraq&m=143654156615516&w=2
RedHat Security Advisories: RHSA-2015:1197
http://rhn.redhat.com/errata/RHSA-2015-1197.html
http://www.securitytracker.com/id/1032564
SuSE Security Announcement: SUSE-SU-2015:1181 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:1183 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:1277 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1792
BugTraq ID: 75154
http://www.securityfocus.com/bid/75154
Common Vulnerability Exposure (CVE) ID: CVE-2015-1788
BugTraq ID: 75158
http://www.securityfocus.com/bid/75158
Common Vulnerability Exposure (CVE) ID: CVE-2015-1789
BugTraq ID: 75156
http://www.securityfocus.com/bid/75156
CopyrightThis script is Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.