Juniper Steel-Belted Radius Multiple OpenSSL Vulnerabilities

medium Nessus Plugin ID 70165

Language:

Synopsis

The remote host has an application installed that is affected by multiple OpenSSL vulnerabilities.

Description

The version of Juniper Steel-Belted Radius software installed on the remote RedHat or CentOS host is affected by multiple OpenSSL vulnerabilities :

- The SSL 3.0 implementation in OpenSSL does not properly initialize data structures for block cipher padding, which could allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. (CVE-2011-4576)

- The Server Gated Cryptography (SGC) implementation in OpenSSL does not properly handle handshake restarts, which could allow remote attackers to cause a denial of service condition. (CVE-2011-4619)

Solution

Updates are available from the vendor.

Plugin Details

Severity: Medium

ID: 70165

File Name: juniper_sbr_multiple.nasl

Version: 1.7

Type: local

Family: Misc.

Published: 9/27/2013

Updated: 11/27/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2011-4576

Vulnerability Information

CPE: x-cpe:/a:juniper:steel-belted_radius

Required KB Items: Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 11/1/2012

Vulnerability Publication Date: 11/1/2012

Reference Information

CVE: CVE-2011-4576, CVE-2011-4619

BID: 51281

IAVA: 2013-A-0027

Detections

Analytics