Juniper Junos OpenSSL ASN.1 Memory Corruption (PSN-2012-07-645)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote router has a memory corruption vulnerability.

Description :

According to its self-reported version number, the remote Junos
router is using an outdated version of OpenSSL. Parsing malformed
ASN.1 encoded data can result in memory corruption. This vulnerability
can be triggered by attempting to parse untrusted data (e.g., an X.509
certificate).

See also :

http://seclists.org/fulldisclosure/2012/Apr/210
https://www.openssl.org/news/secadv/20120419.txt
https://www.openssl.org/news/secadv/20120424.txt
http://www.nessus.org/u?df5606ad

Solution :

Apply the relevant Junos upgrade referenced in Juniper advisory
PSN-2012-07-645.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Junos Local Security Checks

Nessus Plugin ID: 59989 ()

Bugtraq ID: 53158
53212

CVE ID: CVE-2012-2110
CVE-2012-2131

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now