Problem:
OpenSSL published an
advisory on June 5th regarding following seven vulnerabilities that have
been fixed in OpenSSL versions 0.9.8za, 1.0.0m and 1.0.1h.
Following is a summary of vulnerabilities and their status with respect to Juniper products:
CVE-2014-0224 SSL/TLS MITM vulnerability An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.
CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial of service A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
CVE-2014-3470 Anonymous ECDH denial of service OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
CVE-2014-0076 ECDSA nonce disclosure using side-channel attack The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
CVE-2014-0221 DTLS recursion flaw By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected.
CVE-2014-0195 DTLS invalid fragment vulnerability A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected.
Juniper is investigating our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated.
Modification History:
June 5, 2014: Initial release
Solution:Following is a summary of vulnerabilities and their status with respect to Juniper products:
CVE-2014-0224 SSL/TLS MITM vulnerability An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.
- Junos OS is vulnerable to this issue (PR 999736).
- SSL VPN, UAC, Junos Pulse (except non-FIPS version on iOS), Network Connect (except non-FIPS version on Windows) are vulnerable (PR 999726).
CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
- Junos OS is vulnerable to this issue (PR 988917).
- SSL VPN is vulnerable to this issue (PR 988916).
CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial of service A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
- Junos OS: This issue has been resolved in all supported versions of Junos. All releases built on or after 2014-05-08 will contain the fix for this issue (PR 984416).
- SSL VPN: This issue is fixed in IVE OS 8.0r4, and 7.4r11 and all subsequent releases (PR 986446).
CVE-2014-3470 Anonymous ECDH denial of service OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
- Junos Pulse is not vulnerable to this issue.
- This issue is being investigated to see if any other Juniper software uses anonymous ECDH ciphersuites as a client.
CVE-2014-0076 ECDSA nonce disclosure using side-channel attack The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
- Junos OS: releases prior to 13.3 are vulnerable to this issue (PR 982853).
CVE-2014-0221 DTLS recursion flaw By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected.
- Juniper SIRT is not aware of any Juniper products that uses DTLS for communication. Juniper products are not vulnerable to this issue.
CVE-2014-0195 DTLS invalid fragment vulnerability A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected.
- Juniper SIRT is not aware of any Juniper products that uses DTLS for communication. Juniper products are not vulnerable to this issue.
Juniper is investigating our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated.
Modification History:
June 5, 2014: Initial release
Junos Pulse/SA (SSL VPN)
We are currently investigating our product portfolio for affected software and will work to provide fixes for any software that is found to be vulnerable. Any available solution to particular CVEs is listed in the Problem section above.
Workaround:
For more information on solution available for this platform please see KB: http://kb.juniper.net/KB29195
We are currently investigating our product portfolio for affected software and will work to provide fixes for any software that is found to be vulnerable. Any available solution to particular CVEs is listed in the Problem section above.
Junos OS:
Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include:
Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include:
- Disabling J-Web
- Disable SSL service for JUNOScript and only use Netconf, which makes use of SSH, to make configuration changes
- Limit access to J-Web and XNM-SSL from only trusted network
No comments:
Post a Comment