Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.106065
Kategorie:JunOS Local Security Checks
Titel:Junos OpenSSH Information Leak and Buffer Overflow Vulnerability
Zusammenfassung:Junos OS is prone to a information leak and;buffer overflow vulnerability in the OpenSSH client.
Beschreibung:Summary:
Junos OS is prone to a information leak and
buffer overflow vulnerability in the OpenSSH client.

Vulnerability Insight:
CVE-2016-0777 and CVE-2016-0778 were released by
Qualys and cross-announced by OpenSSH on 2016-01-14.
The attack vector leading to potential compromise in these scenarios relates to a session
initiated from a Junos OS device using the SSH client to an external SSH server.

Vulnerability Impact:
A malicious SSH server can obtain sensitive information
(e.g. private key) or cause a denial of service condition.

Affected Software/OS:
Junos OS 12.1, 12.3, 13.3, 14.1, 14.2 and 15.1

Solution:
New builds of Junos OS software are available from Juniper.

CVSS Score:
4.6

CVSS Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-0777
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
BugTraq ID: 80695
http://www.securityfocus.com/bid/80695
Bugtraq: 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 (Google Search)
http://www.securityfocus.com/archive/1/537295/100/0/threaded
Debian Security Information: DSA-3446 (Google Search)
http://www.debian.org/security/2016/dsa-3446
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
FreeBSD Security Advisory: FreeBSD-SA-16:07
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
http://seclists.org/fulldisclosure/2016/Jan/44
https://security.gentoo.org/glsa/201601-01
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.securitytracker.com/id/1034671
SuSE Security Announcement: SUSE-SU-2016:0117 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
SuSE Security Announcement: SUSE-SU-2016:0118 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
SuSE Security Announcement: SUSE-SU-2016:0119 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
SuSE Security Announcement: SUSE-SU-2016:0120 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
SuSE Security Announcement: openSUSE-SU-2016:0127 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
SuSE Security Announcement: openSUSE-SU-2016:0128 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://www.ubuntu.com/usn/USN-2869-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0778
BugTraq ID: 80698
http://www.securityfocus.com/bid/80698
CopyrightThis script is Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.