Knowledge Search


×
 

2015-10 Security Bulletin: Junos: OpenSSL June-July 2015 advisories

  [JSA10694] Show Article Properties


Product Affected:
This issue can affect any product or platform running Junos OS.​​
Problem:

The ​OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in June and July 2015:

CVE CVSS v2* base score Summary
CVE-2015-1791 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
CVE-2015-1793 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)​ An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.​
CVE-2015-1790 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
CVE-2015-1792 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
CVE-2015-1788 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
CVE-2015-1789 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

*CVSS v2 scores provided for backward compatibility with NVD.

Junos OS is affected by one or more of these vulnerabilities.  Note that CVE-2014-8176 was also included in an OpenSSL advisory, but no Juniper products use DTLS for communication.

Solution:
​The following software releases have been​ updated to resolve this specific issue: Junos OS 12.1X44-D55, 12.1X46-D40, 12.1X47-D25​, 12.3R11, 12.3X48-D20, 13.2X51-D40, 13.3R7, 14.1R6, 14.2R4, 15.1R2, 15.1X49-D20​, and all subsequent releases.

OpenSSL library has been upgraded to 0.9.8zg in Junos OS 12.1X44-D55, 12.1X46-D40, 12.1X47-D25​, 12.3R11, 12.3X48-D20, 13.2X51-D40 and subsequent releases.
OpenSSL library has been upgraded to 1.0.1p in Junos OS 12.1X46-D55, 12.1X47-D45, 12.3X48-D30, 13.3R7, 14.1R6, 14.2R4, 15.1R2, 15.1X49-D20​, and all subsequent releases to resolve all vulnerabilities listed above. 

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue is being tracked for Junos OS as PRs 1095598, ​1095604​, 1103020 and 1153463 which are visible on the Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.​​
Workaround:
​Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include:
  • Disabling J-Web
  • Disable SSL service for JUNOScript and only use Netconf, which makes use of SSH, to make configuration changes
  • Limit access to J-Web and XNM-SSL from only trusted networks

Implementation:

How to obtain fixed software:
Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History:
Modification History:

2015-10-14: Initial publication
2016-10-05: Update the list of Junos releases which have OpenSSL 1.0.1p or later (i.e added 12.1X46-D55, 12.1X47-D45, 12.3X48-D30).

Related Links:
CVSS Score:
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Risk Level:
High
Risk Assessment:
Information for how Juniper Networks uses CVSS can be found at KB16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories"
Acknowledgements: