This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The version of Juniper ScreenOS running on the remote host is 6.3.x
prior to 6.3.0r22. It is, therefore, affected by multiple
vulnerabilities in its bundled version of OpenSSL :
- A denial of service vulnerability exists due to improper
  validation of the content and length of the ASN1_TIME
  string by the X509_cmp_time() function. A remote
  attacker can exploit this, via a malformed certificate
  and CRLs of various sizes, to cause a segmentation
  fault, resulting in a denial of service condition. TLS
  clients that verify CRLs are affected. TLS clients and
  servers with client authentication enabled may be
  affected if they use custom verification callbacks.

- A NULL pointer dereference flaw exists in the PKCS#7
  parsing code due to incorrect handling of missing inner
  'EncryptedContent'. This allows a remote attacker, via
  specially crafted ASN.1-encoded PKCS#7 blobs with
  missing content, to cause a denial of service condition
  or other potential unspecified impacts. (CVE-2015-1790)

- A double-free error exists due to a race condition that
  occurs when a NewSessionTicket is received by a
  multi-threaded client when attempting to reuse a
  previous ticket. A remote attacker can exploit this to
  cause a denial of service condition or other potential
  unspecified impact. (CVE-2015-1791)

- A flaw exists in the ASN1_TFLG_COMBINE implementation in
  file tasn_dec.c related to handling malformed
  X509_ATTRIBUTE structures. A remote attacker can exploit
  this to cause a memory leak by triggering a decoding
  failure in a PKCS#7 or CMS application, resulting in a
  denial of service. (CVE-2015-3195)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Solution :
Upgrade to Juniper ScreenOS version 6.3.0r22 or later. Alternatively,
refer to the vendor advisory for additional workarounds.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false