Summary
Junos OS is prone to a OpenSSL session injection and denial of service vulnerability.
Impact
A remote attacker might inject data accross sessions or cause a denial of service.
Solution
New builds of Junos OS software are available from Juniper.
Insight
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
Affected
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2 and 13.3
Detection
Check the OS build.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-5298 -
CVSS Base Score: 4.0
AV:N/AC:H/Au:N/C:N/I:P/A:P
Related Vulnerabilities