Potential security vulnerability in OpenSSL

Article ID: JSA10311 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 2.0
Legacy Advisory Id:
PSN-2003-03-007
Product Affected:
All releases of JUNOS software built prior to March 13, 2003
Problem:
Versions of OpenSSL software shipped with JUNOS releases built prior to March 13, 2003 do not perform a MAC checksum calculation on packets that contain incorrect block cipher padding. An attacker can detect the difference in the amount of time required for reporting incorrect padding errors and reporting MAC checksum verification errors. Being able to distinguish between the two types of errors can aid an attacker in devising more effective attacks against certain encryption algorithms.

More details can be found at http://www.openssl.org/news/secadv_20030219.txt. This problem is documented as PR/32421.
Solution:
All JUNOS software built on or after March 13, 2003 performs the MAC checksum calculation on all packets, including packets with incorrect block cipher padding. The code now takes nearly the same amount of time to report both types of errors. This effectively prevents an attacker from distinguishing between the two types of errors based on response time, and from using that information to improve the attack.
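The two behaviours described in the Problem and Solution fields, as an added example that is not Juniper's or OpenSSL's code: it works on an already-decrypted record and counts MAC computations to show which error path skips them. The record layout, the 8-byte block size, HMAC-SHA1 and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

MAC_LEN = 20   # HMAC-SHA1 tag length (assumed for this example)
BLOCK = 8      # constructed: 64-bit block cipher
mac_calls = 0  # instrumentation for this example only

def _mac(key, data):
    global mac_calls
    mac_calls += 1
    return hmac.new(key, data, hashlib.sha1).digest()

def build_record(key, payload):
    """Constructed plaintext layout: payload || MAC || padding (TLS style)."""
    body = payload + _mac(key, payload)
    pad = BLOCK - 1 - len(body) % BLOCK
    return body + bytes([pad]) * (pad + 1)

def _split(plain):
    """Return (payload, mac, padding_ok) for a decrypted record."""
    if len(plain) < MAC_LEN + 1:
        raise ValueError("record too short")
    pad = plain[-1]
    ok = pad + 1 + MAC_LEN <= len(plain) and plain.endswith(bytes([pad]) * (pad + 1))
    if not ok:
        pad = 0  # assume zero-length padding so the MAC still has input
    body = plain[:len(plain) - pad - 1]
    return body[:-MAC_LEN], body[-MAC_LEN:], ok

def verify_early_exit(key, plain):
    """Pre-fix behaviour: a padding error returns before any MAC work."""
    payload, mac, ok = _split(plain)
    if not ok:
        return False
    return hmac.compare_digest(_mac(key, payload), mac)

def verify_uniform(key, plain):
    """Post-fix behaviour: the MAC is computed even when padding is wrong."""
    payload, mac, ok = _split(plain)
    mac_ok = hmac.compare_digest(_mac(key, payload), mac)
    return ok and mac_ok  # same result, nearly the same work, for both errors

def mac_work(verify, key, plain):
    """Count the MAC computations one verification call performs."""
    global mac_calls
    mac_calls = 0
    verify(key, plain)
    return mac_calls
```

For a record with corrupted padding, `mac_work` reports zero MAC computations under `verify_early_exit` and one under `verify_uniform`, which is the difference in work that the response time exposed.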
Implementation:
Customers should install a release of JUNOS built on or after March 13, 2003.
Severity Level:
Low
Severity Assessment:
No known exploit of this vulnerability exists.