Juniper Junos Space < 15.1R2 Multiple Vulnerabilities (JSA10727) (Bar Mitzvah) (Logjam)

High Nessus Plugin ID 91779

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R2. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the JCE component in the Oracle Java runtime due to various cryptographic operations using non-constant time comparisons. An unauthenticated, remote attacker can exploit this, via timing attacks, to disclose potentially sensitive information. (CVE-2015-2601)

- A flaw exists in the JCE component in the Oracle Java runtime, within the ECDH_Derive() function, due to missing EC parameter validation when performing ECDH key derivation. A remote attacker can exploit this to disclose potentially sensitive information. (CVE-2015-2613)

- A flaw exists in the JSSE component in the Oracle Java runtime, related to performing X.509 certificate identity checks, that allows a remote attacker to disclose potentially sensitive information. (CVE-2015-2625)

- A NULL pointer dereference flaw exists in the Security component in the Oracle Java runtime, which is related to the GCM (Galois Counter Mode) implementation when performing encryption using a block cipher in GCM mode. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2659)

- A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A man-in-the-middle attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)

- A man-in-the-middle vulnerability, known as Logjam, exists due to a flaw in the SSL/TLS protocol. A remote attacker can exploit this flaw to downgrade connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. (CVE-2015-4000)

- A flaw exists in the Security component in the Oracle Java runtime when handling Online Certificate Status Protocol (OCSP) responses with no 'nextUpdate' date specified. A remote attacker can exploit this to cause a revoked X.509 certificate to be accepted. (CVE-2015-4748)

- A flaw exists in the JNDI component in the Oracle Java runtime, within the DnsClient::query() function, due to a failure by DnsClient exception handling to release request information. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2015-4749)

Solution

Upgrade to Junos Space version 15.1R2 or later.

See Also

http://www.nessus.org/u?a84b985b

http://www.nessus.org/u?4bbf45ac

https://weakdh.org/

Plugin Details

Severity: High

ID: 91779

File Name: juniper_space_jsa10727.nasl

Version: 1.5

Type: local

Published: 2016/06/23

Updated: 2018/07/12

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/04/13

Vulnerability Publication Date: 2015/01/19

Reference Information

CVE: CVE-2015-2601, CVE-2015-2613, CVE-2015-2625, CVE-2015-2659, CVE-2015-2808, CVE-2015-4000, CVE-2015-4748, CVE-2015-4749

BID: 73684, 74733, 75854, 75867, 75871, 75877, 75890, 75895

JSA: JSA10727