Juniper Steel-Belted Radius Multiple OpenSSL Vulnerabilities

Medium Nessus Plugin ID 70165


The remote host has an application installed that is affected by multiple OpenSSL vulnerabilities.


The version of Juniper Steel-Belted Radius software installed on the remote Red Hat or CentOS host is affected by multiple OpenSSL vulnerabilities:

- The SSL 3.0 implementation in OpenSSL does not properly initialize data structures for block cipher padding, which could allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. (CVE-2011-4576)

- The Server Gated Cryptography (SGC) implementation in OpenSSL does not properly handle handshake restarts, which could allow remote attackers to cause a denial of service condition. (CVE-2011-4619)


Updates are available from the vendor.

Plugin Details

Severity: Medium

ID: 70165

File Name: juniper_sbr_multiple.nasl

Version: 1.6

Type: local

Family: Misc.

Published: 2013/09/27

Updated: 2018/07/12

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: x-cpe:/a:juniper:steel-belted_radius

Required KB Items: Host/local_checks_enabled

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/11/01

Vulnerability Publication Date: 2012/11/01

Reference Information

CVE: CVE-2011-4576, CVE-2011-4619

BID: 51281

IAVA: 2013-A-0027