OpenSSL published an advisory on June 5th regarding following seven vulnerabilities that have been fixed in OpenSSL versions 0.9.8za, 1.0.0m and 1.0.1h.Following is a summary of vulnerabilities and their status with respect to Juniper products:CVE-2014-0224 SSL/TLS MITM vulnerability An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Junos OS: Any product or platform running Junos OS versions prior to 14.1 are vulnerable to this issue (PR 999736).Following Secure Access software versions are vulnerable (PR 1000219):IVEOS 8.0 prior to 8.0R4.1IVEOS 7.4 prior to 7.4R11.1UACOS C4.4 prior to C4.4r11.1UACOS C5.0 prior to C5.0r4.1Following Pulse Desktop versions are vulnerable (PR 1000143):5.0 prior to 5.0R4.14.0 prior to 4.0R11.1Secure Access software versions 7.1rX, 7.2rX and 7.3rX are not vulnerable on the server side when clients are used to access Secure Access server with those versions.All Network Connect FIPS versions are vulnerable.All versions Linux Network Connect are vulnerableNetwork Connect for Mac OS X is vulnerable only if openssl version provided by Mac OS X system is vulnerable.All versions of Host Checker are vulnerable.All JSAM (Java Secure Application Manager) versions are NOT vulnerable.All WSAM (Windows Secure Application Manager) versions are NOT vulnerable.All Junos Pulse (Mobile) for iOS FIPS versions are vulnerable (PR 1000204).All Junos Pulse (Mobile) for Android versions are vulnerable.All versions of Junos Space are vulnerable (PR 999804).Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).SBR enterprise 6.10-6.17 are vulnerable. Please see KB29217 for more information on this product.ScreenOS is not vulnerable (PR 999772) – ScreenOS Web UI is not vulnerable and all Juniper servers that ScreenOS can connect to have been verified to be not vulnerable, hence ScreenOS is not vulnerable.Windows Network Connect (Non-FIPS) versions are not vulnerable.Junos Pulse (iOS) Non-FIPS versions are not vulnerable.Windows In-Box Junos Pulse Client on Windows 8.1 is not vulnerable.Junos Pulse (Mobile) for Windows Phone 8.1 versions is not vulnerable. CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common. All versions of Junos OS running on any product or platform running are vulnerable (PR 988917).Following Secure Access versions are vulnerable (PR 988916):IVEOS 8.0 prior to 8.0R4.1IVEOS 7.4 prior to 7.4R11.1UACOS C4.4 prior to C4.4r11.1UACOS C5.0 prior to C5.0r4.1Secure Access software versions 7.1, 7.2 and 7.3 are not vulnerable.Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).Junos Space is not vulnerable.ScreenOS is not vulnerable.CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial of service A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.Junos OS: Any product or platform running Junos OS versions prior to 14.1 are vulnerable to this issue (PR 984416).Following Secure Access versions are vulnerable (PR 986446):IVEOS 8.0 prior to 8.0r4IVEOS 7.4 prior to 7.4r11UACOS C4.4 prior to C4.4r11.1UACOS C5.0 prior to C5.0r4.1Secure Access software versions 7.1, 7.2 and 7.3 are not vulnerable.Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).Junos Space is not vulnerable.ScreenOS is not vulnerable. CVE-2014-3470 Anonymous ECDH denial of service OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).Junos Pulse is not vulnerable.Junos Space is not vulnerable.ScreenOS is not vulnerable.SSL VPN Secure Access software is not vulnerable, however software has been updated to include OpenSSL changes for this issue.Junos OS is not vulnerable.CVE-2014-0076 ECDSA nonce disclosure using side-channel attack The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. Junos OS: Any product or platform running Junos OS versions prior to 13.3 are vulnerable to this issue (PR 982853).Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).ScreenOS is vulnerable (PR 999772).Junos Space is not vulnerable.SSL VPN Secure Access software is not vulnerableUnified Access Control software is not vulnerableSA Series SSL VPN Virtual Appliance is vulnerable.Junos Pulse for windows is vulnerable. CVE-2014-0221 DTLS recursion flaw By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected. Juniper SIRT is not aware of any Juniper products that use DTLS for communication. Juniper products are not vulnerable to this issue. Junos OS, SSL VPN products, ScreenOS, Junos Space, Junos WebApp Secure (JWAS) are not vulnerable to this issue.CVE-2014-0195 DTLS invalid fragment vulnerability A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected. Juniper SIRT is not aware of any Juniper products that use DTLS for communication. Juniper products are not vulnerable to this issue. Junos OS, SSL VPN products, ScreenOS, Junos Space, Junos WebApp Secure (JWAS) are not vulnerable to this issue.Products not vulnerable to any of the above issues:ADC Software is not vulnerableSmartPass is not vulnerableJunosE is not vulnerableWX/WXC series is not vulnerableJuniper is investigating our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated.Modification History:June 5, 2014: Initial releaseJune 6, 2014: Included status of ScreenOS, Junos SpaceJune 10, 2014: Included UAC/SA/Pulse information in solution section, updated status of ScreenOS.June 12, 2014: Included status of Junos WebApp Secure (JWAS).July 1, 2014: Included status of WX/WXC series.July 29, 2014: Updated available Junos OS resolution releases.September 4th, 2014: Fixed grammatical error in ScreenOS problem section.SA (SSL VPN) CVE-2014-0224 SSL/TLS MITM vulnerability Fixes for this issue are found in IVEOS 8.0r4.1 and 7.4r11.1,For more information on solution available for this platform please see KB: http://kb.juniper.net/KB29195CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference Fixes for this issue are found in IVEOS 7.4R11.1 and 8.0R4.1.CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial of service Fixes for this issue are found in IVEOS 7.4R11 and 8.0R4.CVE-2014-3470 Anonymous ECDH denial of service Fixes for this issue are found in IVEOS  7.1r19.1, 7.4R11.1 and 8.0R4.1.SA Series SSL VPN Virtual Appliance Fixes for this platform are in progress. We plan to add a fix in a future SA major release. UAC/IC CVE-2014-0224 SSL/TLS MITM vulnerability Fixes for this issue are found in UACOS C4.4r11.1 and C5.0r41.1.CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference Fixes for this issue are found in UACOS C4.4r11.1 and C5.0r41.1.CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial of service Fixes for this issue are found in UACOS C4.4r11.1 and C5.0r41.1.CVE-2014-3470 Anonymous ECDH denial of service Fixes for this issue are found in UACOS C4.4r11.1 and C5.0r41.1.Junos Pulse CVE-2014-0224 SSL/TLS MITM vulnerability Fixes for this issue are found in 5.0r4.1 and 4.0r11.1.For more information on solution available for this platform please see KB: http://kb.juniper.net/KB29195CVE-2014-0076 ECDSA nonce disclosure using side-channel attack Fixes for this issue are planned for a future release (5.1r1) No ETA is set at this time.IDP SignaturesJuniper has released signatures to detect attempts to exploit CVE-2014-0224: Junos OSCVE-2014-0224 SSL/TLS MITM vulnerability This issue is fixed in 11.4R12-S1, 12.1X46-D20, 13.1R4-S2, 13.2R5, 13.3R2-S3, 13.3R3, 14.1R1 and all subsequent releases. Even though CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470 do not affect Junos, changes to resolve these issues are included along with the fix for CVE-2014-0224.A fix release is pending for Junos 12.1X44, 12.1X47, 12.2 and 12.3.CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference This is fixed in 12.1X46-D20 and 13.3R3.A fix release is pending for other supported Junos releases.CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial of service This is fixed in 12.1X46-D20, 12.3R7, 13.2R5, 13.3R2-S3, 13.3R3, 14.1R1 and all subsequent releases.A fix release is pending for Junos 11.4, 12.1X44, 12.1X47, 12.2, 13.1.CVE-2014-0076 ECDSA nonce disclosure using side-channel attack This is fixed in 11.4R12-S1, 12.1X46-D20, 12.1X47-D10, 12.3R7, 13.3R1 and all subsequent releases.A fix release is pending for Junos 12.1X44, 12.2, 13.1, 13.2. We are currently investigating our product portfolio for affected software and will work to provide fixes for any software that is found to be vulnerable. Any available solution to particular CVEs is listed in the Problem section above.Junos OS:Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include: Disabling J-WebDisable SSL service for JUNOScript and only use Netconf, which makes use of SSH, to make configuration changesLimit access to J-Web and XNM-SSL from only trusted networkWorkaround for CVE-2014-0076:Since this vulnerability requires an attacker to have a local account on the device and be able to execute arbitrary code, limiting access to only trusted users should completely mitigate the issue on affected devices.A network based attacker who can conduct man-in-the-middle type of attacks can decrypt or modify encrypted traffic. This may contains sensitive information that can be leveraged to conduct additional attacks.

Leave a Reply