Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Security vulnerabilities in OpenSSL (PR/26985)

0

0

Article ID: JSA10287 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 3.0
Legacy Advisory Id:
FA-SW-0208-001
Product Affected:
All domestic releases of JUNOS Internet software released prior to August 5, 2002 are affected.
Problem:

Several security vulnerabilities exist in current releases of the OpenSSL shared library code, which is included with domestic releases of JUNOS software. Details of these security vulnerabilities can be found at http://www.openssl.org/news/secadv_20020730.txt and are documented in PR/26985.

Note: Operating system software on the G10 cable modem termination system (CMTS) is unaffected by these security vulnerabilities.

Solution:
The OpenSSL code shipped with domestic releases of JUNOS software has been patched to eliminate these vulnerabilities.
Implementation:
New releases of JUNOS software containing the patched OpenSSL code will be available as soon as possible. Customers should upgrade their software to a release issued after August 5, 2002.
Severity Level:
Low
Severity Assessment:
JUNOS software contains only one of the vulnerabilities identified. Data could possibly be corrupted if the router attempts to verify a malformed certificate supplied by the server. The likelihood of this occurring is very low.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search