Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

2012-11 Security Bulletin: Steel-Belted Radius: Multiple OpenSSL Vulnerabilities

0

0

Article ID: JSA10544 SECURITY_ADVISORIES Last Updated: 08 Mar 2017Version: 4.0
Legacy Advisory Id:
PSN-2012-11-768
Product Affected:
Steel-Belted Radius Carrier (SBR Carrier) 7.4
Steel-Belted Radius Carrier (SBR Carrier) 7.3
Steel-Belted Radius Carrier (SBR Carrier) 7.2.4
Steel-Belted Radius Carrier (SBR Carrier) 7.2
Steel-Belted Radius v6.1.0 (Enterprise, Global Enterprise)
Problem:

OpenSSL software distributed with Steel-Belted Radius is vulnerable to CVE-2011-4619, and CVE-2011-4576. These may allow decrypting encrypted information or cause a denial of service condition for the Steel-Belted Radius server.

CVE-2011-4576 The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
CVSS v2 Base Score:5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2011-4619 The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service condition.
CVSS v2 Base Score:5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Solution:
These vulnerabilities are fixed in:
Steel-Belted Radius Carrier (SBR Carrier) 7.4.1 or later
SBR EE Software 6.1.7 or later
SBR GE Software 6.1.7 or later
 

 

Workaround:
There are no viable workarounds that can mitigate these vulnerabilities for Steel-Belted Radius products.
Use access lists or firewall filters to limit access to the Steel-Belted Radius server only from trusted hosts.

 

Modification History:
Modification History:

2017-03-08: Category restructure.

CVSS Score:
.
Severity Level:
Medium
Severity Assessment:
CVSS v2 Base Score:5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search