2014-11 Security Bulletin: CTPOS: Multiple vulnerabilities resolved by third party software upgrades
Product Affected: CTPOS releases prior to 6.6R2.
Problem: CTPOS release 6.6R2 addresses vulnerabilities in prior releases with NTP updated from 4.2.2 to 4.2.6, OpenSSH updated from 5.1 to 6.6 and OpenSSL updated from 0.9.8w to 0.9.8za. The following is a summary of vulnerabilities ordered by risk score:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2009-0159 | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) | NTP stack-based buffer overflow that could allow remote NTP servers to execute arbitrary code via a crafted response. |
| CVE-2014-0224 | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) | OpenSSL man in the middle vulnerability related to ChangeCipherSpec messages, aka the “CCS Injection” vulnerability. |
| CVE-2009-3563 | 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) | NTP denial of service vulnerability. |
| CVE-2010-5107 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | OpenSSH denial of service (connection-slot exhaustion) vulnerability due to insecure default configuration. |
| CVE-2014-0076 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | OpenSSL ECDSA nonce disclosure via cache side-channel attacks vulnerability. |
| CVE-2014-3470 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | OpenSSL Denial of service related to anonymous ECDH cipher suites. |
Solution: All these issues are resolved in CTPOS 6.6R2 (released 20 June 2014) and later releases.
Workaround: Limiting access to the device from only trusted hosts would help mitigate or reduce the risks of exposure to these issues.
Implementation: CTPOS Releases are available for download from http://www.juniper.net/support/downloads/.
Modification History: 2014-11-12: Initial publication.
Related Links:
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Risk Assessment: NTP vulnerability CVE-2009-0159 and OpenSSL vulnerability CVE-2014-0224 have the highest CVSS v2 base score of 6.8 in this advisory.