Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.106048
Kategorie:JunOS Local Security Checks
Titel:Junos Multiple OpenSSL Vulnerabilities
Zusammenfassung:The OpenSSL library used in Junos OS is prone to multiple;vulnerabilities.
Beschreibung:Summary:
The OpenSSL library used in Junos OS is prone to multiple
vulnerabilities.

Vulnerability Insight:
The OpenSSL library used in Junos OS is prone to multiple
vulnerabilities.
CVE-2015-1791: Race condition in the ssl3_get_new_session_ticket function.
CVE-2015-1793: Error in the implementation of the alternative certificate chain logic.
CVE-2015-1790: DoS vulnerability in the PKCS7_dataDecode function.
CVE-2015-1792: DoS vulnerability in the do_free_upto function.
CVE-2015-1788: DoS vulnerability in the BN_GF2m_mod_inv function.
CVE-2015-1789: DoS vulnerability in the X509_cmp_time function.

Vulnerability Impact:
The vulnerabilities range from denial of service to security bypass.

Affected Software/OS:
Junos OS 12.1, 12.3, 13.2, 13.3, 14.1, 14.2 and 15.1

Solution:
New builds of Junos OS software are available from Juniper. As a
workaround disable J-Web and disable SSL service for JUNOScript and only use Netconf.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-1791
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 75161
http://www.securityfocus.com/bid/75161
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Cisco Security Advisory: 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
Debian Security Information: DSA-3287 (Google Search)
http://www.debian.org/security/2015/dsa-3287
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
https://security.gentoo.org/glsa/201506-02
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
HPdes Security Advisory: HPSBUX03388
http://marc.info/?l=bugtraq&m=143880121627664&w=2
HPdes Security Advisory: SSRT102180
NETBSD Security Advisory: NetBSD-SA2015-008
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
RedHat Security Advisories: RHSA-2015:1115
http://rhn.redhat.com/errata/RHSA-2015-1115.html
http://www.securitytracker.com/id/1032479
SuSE Security Announcement: SUSE-SU-2015:1143 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
SuSE Security Announcement: SUSE-SU-2015:1150 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:1182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:1184 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
SuSE Security Announcement: SUSE-SU-2015:1185 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
SuSE Security Announcement: openSUSE-SU-2015:1139 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://www.ubuntu.com/usn/USN-2639-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1793
BugTraq ID: 75652
http://www.securityfocus.com/bid/75652
Cisco Security Advisory: 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
https://www.exploit-db.com/exploits/38640/
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html
FreeBSD Security Advisory: FreeBSD-SA-15:12
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc
https://security.gentoo.org/glsa/201507-15
HPdes Security Advisory: HPSBGN03424
http://marc.info/?l=bugtraq&m=144370846326989&w=2
http://www.securitytracker.com/id/1032817
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427
Common Vulnerability Exposure (CVE) ID: CVE-2015-1790
BugTraq ID: 75157
http://www.securityfocus.com/bid/75157
HPdes Security Advisory: HPSBGN03371
http://marc.info/?l=bugtraq&m=143654156615516&w=2
RedHat Security Advisories: RHSA-2015:1197
http://rhn.redhat.com/errata/RHSA-2015-1197.html
http://www.securitytracker.com/id/1032564
SuSE Security Announcement: SUSE-SU-2015:1181 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:1183 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:1277 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1792
BugTraq ID: 75154
http://www.securityfocus.com/bid/75154
Common Vulnerability Exposure (CVE) ID: CVE-2015-1788
BugTraq ID: 75158
http://www.securityfocus.com/bid/75158
Common Vulnerability Exposure (CVE) ID: CVE-2015-1789
BugTraq ID: 75156
http://www.securityfocus.com/bid/75156
CopyrightThis script is Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.