Junos OpenSSL Information Disclosure Vulnerability

Summary
Junos OS is prone to an OpenSSL side-channel attack that leads to information disclosure.
Impact
A local attacker can obtain ECDSA nonces.
Solution
New builds of Junos OS software are available from Juniper.
Insight
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
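The difference between a secret-dependent swap and a constant-time swap inside a Montgomery ladder, as an added example (not OpenSSL or Juniper code). It uses a toy modular-exponentiation ladder instead of elliptic-curve arithmetic; the function names and the modulus `P` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef void (*swap_fn)(uint64_t *a, uint64_t *b, size_t n, unsigned bit);

/* Leaky: the loop runs only when the secret bit is 1, so the code and data
 * cache lines touched depend on that bit. */
static void swap_branchy(uint64_t *a, uint64_t *b, size_t n, unsigned bit)
{
    if (bit)
        for (size_t i = 0; i < n; i++) {
            uint64_t t = a[i]; a[i] = b[i]; b[i] = t;
        }
}

/* Constant-time: identical instructions and memory accesses for bit 0 and 1;
 * the bit only chooses an all-zero or all-one mask. */
static void swap_ct(uint64_t *a, uint64_t *b, size_t n, unsigned bit)
{
    uint64_t mask = (uint64_t)0 - (uint64_t)(bit & 1);
    for (size_t i = 0; i < n; i++) {
        uint64_t t = (a[i] ^ b[i]) & mask;
        a[i] ^= t;
        b[i] ^= t;
    }
}

#define P 2147483647ULL /* toy modulus 2^31 - 1, constructed for this example */
/* Montgomery ladder computing g^k mod P: one multiply and one square per
 * bit of k, with a conditional swap before and after, whatever the bit is. */
static uint64_t ladder_pow(uint64_t g, uint32_t k, swap_fn cswap)
{
    uint64_t r0 = 1, r1 = g % P;          /* invariant: r1 == r0 * g mod P */
    for (int i = 31; i >= 0; i--) {
        unsigned bit = (k >> i) & 1;      /* secret-dependent value */
        cswap(&r0, &r1, 1, bit);
        r1 = (r0 * r1) % P;
        r0 = (r0 * r0) % P;
        cswap(&r0, &r1, 1, bit);
    }
    return r0;
}

int main(void)
{
    printf("%llu %llu\n", (unsigned long long)ladder_pow(3, 5, swap_branchy),
           (unsigned long long)ladder_pow(3, 5, swap_ct));
}
```

Both variants return the same result; only `swap_ct` keeps the control flow and memory access pattern independent of the bits of `k`.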
Affected
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1 and 13.2
Detection
Check the OS build.

Updated on 2015-03-25