Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.105949
Kategorie:JunOS Local Security Checks
Titel:Junos OpenSSL Information Disclosure Vulnerability
Zusammenfassung:Junos OS is prone to a OpenSSL side channel attack which leads to;information disclosure.
Beschreibung:Summary:
Junos OS is prone to a OpenSSL side channel attack which leads to
information disclosure.

Vulnerability Insight:
The Montgomery ladder implementation in OpenSSL through 1.0.0l does
not ensure that certain swap operations have a constant-time behavior, which makes it easier for
local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Vulnerability Impact:
A local attacker obtain ECDSA nonces.

Affected Software/OS:
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1 and 13.2

Solution:
New builds of Junos OS software are available from Juniper.

CVSS Score:
1.9

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N

Querverweis: BugTraq ID: 66363
Common Vulnerability Exposure (CVE) ID: CVE-2014-0076
http://www.securityfocus.com/bid/66363
Cisco Security Advisory: 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
HPdes Security Advisory: HPSBGN03050
http://marc.info/?l=bugtraq&m=140482916501310&w=2
HPdes Security Advisory: HPSBMU03051
http://marc.info/?l=bugtraq&m=140448122410568&w=2
HPdes Security Advisory: HPSBMU03056
http://marc.info/?l=bugtraq&m=140389355508263&w=2
HPdes Security Advisory: HPSBMU03057
http://marc.info/?l=bugtraq&m=140389274407904&w=2
HPdes Security Advisory: HPSBMU03062
http://marc.info/?l=bugtraq&m=140752315422991&w=2
HPdes Security Advisory: HPSBMU03074
http://marc.info/?l=bugtraq&m=140621259019789&w=2
HPdes Security Advisory: HPSBMU03076
http://marc.info/?l=bugtraq&m=140904544427729&w=2
HPdes Security Advisory: HPSBOV03047
http://marc.info/?l=bugtraq&m=140317760000786&w=2
HPdes Security Advisory: HPSBUX03046
http://marc.info/?l=bugtraq&m=140266410314613&w=2
HPdes Security Advisory: SSRT101590
http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://eprint.iacr.org/2014/140
http://secunia.com/advisories/58492
http://secunia.com/advisories/58727
http://secunia.com/advisories/58939
http://secunia.com/advisories/59040
http://secunia.com/advisories/59162
http://secunia.com/advisories/59175
http://secunia.com/advisories/59264
http://secunia.com/advisories/59300
http://secunia.com/advisories/59364
http://secunia.com/advisories/59374
http://secunia.com/advisories/59413
http://secunia.com/advisories/59438
http://secunia.com/advisories/59445
http://secunia.com/advisories/59450
http://secunia.com/advisories/59454
http://secunia.com/advisories/59490
http://secunia.com/advisories/59495
http://secunia.com/advisories/59514
http://secunia.com/advisories/59655
http://secunia.com/advisories/59721
http://secunia.com/advisories/60571
SuSE Security Announcement: openSUSE-SU-2014:0480 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://www.ubuntu.com/usn/USN-2165-1
CopyrightThis script is Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.