copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2014.0952.2 - UPDATE [Linux][Juniper][Mobile][OSX] Juniper Products: Multiple vulnerabilities

Date: 08 December 2014
References: ESB-2014.0755  ESB-2014.0887  ESB-2014.0932  ESB-2014.0933  ESB-2014.0946.10  ESB-2014.0962  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2014.0952.2
2014-06 Out of Cycle Security Bulletin: Vulnerabilities in OpenSSL related
 to ChangeCipherSpec, DTLS, SSL_MODE_RELEASE_BUFFERS and ECDH ciphersuites
                              8 December 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
                   Juniper Secure Access
                   Juniper Pulse Desktop
                   Juniper Network Connect
                   Host Checker
                   Junos Space
                   Junos Pulse
Publisher:         Juniper Networks
Operating System:  Juniper
                   Mobile Device
                   Linux variants
                   OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3470 CVE-2014-0224 CVE-2014-0221
                   CVE-2014-0198 CVE-2014-0195 CVE-2010-5298

Reference:         ESB-2014.0946
                   ESB-2014.0933
                   ESB-2014.0932
                   ESB-2014.0887
                   ESB-2014.0755

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

Revision History:  December  8 2014: Included status of SBR Carrier, updated 
				     available Junos OS for SRX solution 
         			     releases.
                   June     11 2014: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

2014-06 Out of Cycle Security Bulletin: Vulnerabilities in OpenSSL related
to ChangeCipherSpec, DTLS, SSL_MODE_RELEASE_BUFFERS and ECDH ciphersuites

Categories:

    Junos
    Router Products
    M-series
    T-series
    MX-series
    SA Series (SSL VPN)
    UAC Series
    Switch Products
    EX-series
    SSL_VPN_(IVE_OS)


Security Advisories ID:		JSA10629
Last Updated:			04 Dec 2014
Version:			43.0

Product Affected:
Various products: Please see the list in the problem section

Problem:
OpenSSL published an advisory on June 5th regarding following seven
vulnerabilities that have been fixed in OpenSSL versions 0.9.8za, 1.0.0m
and 1.0.1h.

Following is a summary of vulnerabilities and their status with respect
to Juniper products:

CVE-2014-0224 SSL/TLS MITM vulnerability

An attacker using a carefully crafted handshake can force the use of
weak keying material in OpenSSL SSL/TLS clients and servers. This can
be exploited by a Man-in-the-middle (MITM) attack where the attacker can
decrypt and modify traffic from the attacked client and server. The attack
can only be performed between a vulnerable client and server. OpenSSL
clients are vulnerable in all versions of OpenSSL. Servers are only known
to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1.

    Junos OS: Any product or platform running Junos OS versions prior to
    14.1 are vulnerable to this issue (PR 999736).
    Following Secure Access software versions are vulnerable (PR 1000219):
	IVEOS 8.0 prior to 8.0R4.1
	IVEOS 7.4 prior to 7.4R11.1
	UACOS C4.4 prior to C4.4r11.1
	UACOS C5.0 prior to C5.0r4.1
    Following Pulse Desktop versions are vulnerable (PR 1000143):
	5.0 prior to 5.0R4.1
	4.0 prior to 4.0R11.1
    Secure Access software versions 7.1rX, 7.2rX and 7.3rX are not vulnerable
    on the server side when clients are used to access Secure Access server
    with those versions.
    All Network Connect FIPS versions are vulnerable.
    All versions Linux Network Connect are vulnerable
    Network Connect for Mac OS X is vulnerable only if openssl version
    provided by Mac OS X system is vulnerable.
    All versions of Host Checker are vulnerable.
    All JSAM (Java Secure Application Manager) versions are NOT vulnerable.
    All WSAM (Windows Secure Application Manager) versions are NOT
    vulnerable.
    All Junos Pulse (Mobile) for iOS FIPS versions are vulnerable (PR
    1000204).
    All Junos Pulse (Mobile) for Android versions are vulnerable.
    All versions of Junos Space prior to 14.1R1 are vulnerable (PR 999804).
    Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).
    SBR Enterprise 6.10-6.17 are vulnerable. Please see KB29217 for more
    information on this product.
    SBR Carrier is vulnerable in 7.5.0 versions prior to 7.5.0-R11, 7.6.0
    versions prior to 7.6.0-R10 and 8.0.0 versions prior to 8.0.0-R2
    are vulnerable.
    ScreenOS is not vulnerable (PR 999772) - ScreenOS Web UI is not
    vulnerable and all Juniper servers that ScreenOS can connect to have
    been verified to be not vulnerable, hence ScreenOS is not vulnerable.
    Windows Network Connect (Non-FIPS) versions are not vulnerable.
    Junos Pulse (iOS) Non-FIPS versions are not vulnerable.
    Windows In-Box Junos Pulse Client on Windows 8.1 is not vulnerable.
    Junos Pulse (Mobile) for Windows Phone 8.1 versions is not vulnerable.



CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference

A flaw in the do_ssl3_write function can allow remote attackers to cause a
denial of service via a NULL pointer dereference. This flaw only affects
OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which
is not the default and not common.

    All versions of Junos OS running on any product or platform running
    are vulnerable (PR 988917).
    Following Secure Access versions are vulnerable (PR 988916):
	IVEOS 8.0 prior to 8.0R4.1
	IVEOS 7.4 prior to 7.4R11.1
	UACOS C4.4 prior to C4.4r11.1
	UACOS C5.0 prior to C5.0r4.1
    Secure Access software versions 7.1, 7.2 and 7.3 are not vulnerable.
    Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).
    Junos Space is not vulnerable.
    ScreenOS is not vulnerable.
    SBR Carrier is not vulnerable.



CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial of service

A race condition in the ssl3_read_bytes function can allow remote attackers
to inject data across sessions or cause a denial of service. This flaw only
affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where
SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.

    Junos OS: Any product or platform running Junos OS versions prior to
    14.1 are vulnerable to this issue (PR 984416).
    Following Secure Access versions are vulnerable (PR 986446):
	IVEOS 8.0 prior to 8.0r4
	IVEOS 7.4 prior to 7.4r11
	UACOS C4.4 prior to C4.4r11.1
	UACOS C5.0 prior to C5.0r4.1
    Secure Access software versions 7.1, 7.2 and 7.3 are not vulnerable.
    Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).
    Junos Space is not vulnerable.
    ScreenOS is not vulnerable.
    SBR Carrier is not vulnerable.



CVE-2014-3470 Anonymous ECDH denial of service

OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to
a denial of service attack.

    Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).
    SBR Carrier is vulnerable (PR 1030183).
    Junos Pulse is not vulnerable.
    Junos Space is not vulnerable.
    ScreenOS is not vulnerable.
    SSL VPN Secure Access software is not vulnerable, however software
    has been updated to include OpenSSL changes for this issue.
    Junos OS is not vulnerable.


CVE-2014-0076 ECDSA nonce disclosure using side-channel attack

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not
ensure that certain swap operations have a constant-time behavior, which
makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD
cache side-channel attack.

    Junos OS: Any product or platform running Junos OS versions prior to
    13.3 are vulnerable to this issue (PR 982853).
    Junos WebApp Secure (JWAS) is vulnerable (PR 1000088).
    ScreenOS is vulnerable (PR 999772).
    Junos Space is not vulnerable.
    SSL VPN Secure Access software is not vulnerable
    Unified Access Control software is not vulnerable
    SA Series SSL VPN Virtual Appliance is vulnerable.
    Junos Pulse for windows is vulnerable.
    SBR Carrier is not vulnerable.



CVE-2014-0221 DTLS recursion flaw

By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can
be made to recurse eventually crashing in a DoS attack. Only applications
using OpenSSL as a DTLS client are affected.

    Juniper SIRT is not aware of any Juniper products that use DTLS for
    communication. Juniper products are not vulnerable to this issue. Junos
    OS, SSL VPN products, ScreenOS, Junos Space, Junos WebApp Secure (JWAS)
    are not vulnerable to this issue.



CVE-2014-0195 DTLS invalid fragment vulnerability

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server. Only applications
using OpenSSL as a DTLS client or server affected.

    Juniper SIRT is not aware of any Juniper products that use DTLS for
    communication. Juniper products are not vulnerable to this issue. Junos
    OS, SSL VPN products, ScreenOS, Junos Space, Junos WebApp Secure (JWAS)
    are not vulnerable to this issue.




Products not vulnerable to any of the above issues:

    ADC Software is not vulnerable
    SmartPass is not vulnerable
    JunosE is not vulnerable
    WX/WXC series is not vulnerable


Juniper is investigating our product portfolio for affected software that
is not mentioned above. As new information becomes available this document
will be updated.

Modification History:
June 5, 2014: Initial release
June 6, 2014: Included status of ScreenOS, Junos Space
June 10, 2014: Included UAC/SA/Pulse information in solution section,
updated status of ScreenOS.
June 12, 2014: Included status of Junos WebApp Secure (JWAS).
July 1, 2014: Included status of WX/WXC series.
July 29, 2014: Updated available Junos OS resolution releases.
September 4th, 2014: Fixed grammatical error in ScreenOS problem section.
September 11th, 2014: Updated available Junos OS and Junos Space resolution
releases.
October 5th, 2014: Updated available Junos OS solution releases.
Dec 4, 2014: Included status of SBR Carrier, updated available Junos OS
for SRX solution releases.

Solution:

    SA (SSL VPN)
	CVE-2014-0224 SSL/TLS MITM vulnerability
	    Fixes for this issue are found in IVEOS 8.0r4.1 and 7.4r11.1,
	    For more information on solution available for this platform
	    please see KB: http://kb.juniper.net/KB29195
	CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
	    Fixes for this issue are found in IVEOS 7.4R11.1 and 8.0R4.1.
	CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial
	of service
	    Fixes for this issue are found in IVEOS 7.4R11 and 8.0R4.
	CVE-2014-3470 Anonymous ECDH denial of service
	    Fixes for this issue are found in IVEOS  7.1r19.1, 7.4R11.1
	    and 8.0R4.1.
    SA Series SSL VPN Virtual Appliance
	Fixes for this platform are in progress. We plan to add a fix in
	a future SA major release.
    UAC/IC
	CVE-2014-0224 SSL/TLS MITM vulnerability
	    Fixes for this issue are found in UACOS C4.4r11.1 and C5.0r41.1.
	CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
	    Fixes for this issue are found in UACOS C4.4r11.1 and C5.0r41.1.
	CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial
	of service
	    Fixes for this issue are found in UACOS C4.4r11.1 and C5.0r41.1.
	CVE-2014-3470 Anonymous ECDH denial of service
	    Fixes for this issue are found in UACOS C4.4r11.1 and C5.0r41.1.
    Junos Pulse
	CVE-2014-0224 SSL/TLS MITM vulnerability
	    Fixes for this issue are found in 5.0r4.1 and 4.0r11.1.
	    For more information on solution available for this platform
	    please see KB: http://kb.juniper.net/KB29195
	CVE-2014-0076 ECDSA nonce disclosure using side-channel attack
	    Fixes for this issue are planned for a future release (5.1r1)
	    No ETA is set at this time.
    IDP Signatures
	Juniper has released signatures to detect attempts to exploit
	CVE-2014-0224:
	    http://services.netscreen.com/documentation/signatures/SSL%3AOPENSSL-MITM-SEC-BYPASS.html
	    https://signatures.juniper.net/restricted/sigupdates/nsm-updates/2386.html
    Junos OS
	CVE-2014-0224 SSL/TLS MITM vulnerability
	    This issue is fixed in 11.4R12-S1, 12.1X44-D40, 12.1X46-D20,
	    12.1X46-D25, 12.1X47-D15, 12.2R9, 12.3R8, 13.1R4-S2, 13.2R5,
	    13.3R2-S3, 13.3R3, 14.1R1 and all subsequent releases. Even
	    though CVE-2014-0221, CVE-2014-0195 and CVE-2014-3470 do not
	    affect Junos, changes to resolve these issues are included
	    along with the fix for CVE-2014-0224.
	CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
	    This is fixed in 11.4R12-S4, 12.1X44-D40, 12.1X46-D20,
	    12.1X46-D25, 12.1X47-D15, 12.2R9, 12.3R8, 13.1R4-S3, 13.2R5-S1,
	    13.3R3, 14.1R2 and all subsequent releases.
	CVE-2010-5298 SSL_MODE_RELEASE_BUFFERS session injection or denial
	of service
	    This is fixed in 12.1X44-D40, 12.1X46-D20, 12.1X46-D25,
	    12.1X47-D10, 12.2R9, 12.3R7, 13.1R4-S3, 13.2R5, 13.3R2-S3,
	    13.3R3, 14.1R1 and all subsequent releases.
	    A fix release is pending for Junos 11.4.
	CVE-2014-0076 ECDSA nonce disclosure using side-channel attack
	    This is fixed in 11.4R12-S1, 12.1X44-D40, 12.1X46-D20,
	    12.1X46-D25, 12.1X47-D10, 12.2R9, 12.3R7, 13.1R4-S3, 13.2R5-S1,
	    13.3R1 and all subsequent releases.
    Junos Space
	CVE-2014-0224 SSL/TLS MITM vulnerability is fixed in Junos Space
	14.1R1 and all later releases
    SBR Carrier
	CVE-2014-0224 is fixed in 7.5.0-R11, 7.6.0-R10, 8.0.0-R2 and all
	later releases.
	Release of fixes for CVE-2014-3470 is pending.


We are currently investigating our product portfolio for affected software
and will work to provide fixes for any software that is found to be
vulnerable. Any available solution to particular CVEs is listed in the
Problem section above.

Workaround:
Junos OS:
Since SSL is used for remote network configuration and management
applications such as J-Web and SSL Service for JUNOScript (XNM-SSL),
viable workarounds for this issue in Junos may include:

    Disabling J-Web
    Disable SSL service for JUNOScript and only use Netconf, which makes
    use of SSH, to make configuration changes
    Limit access to J-Web and XNM-SSL from only trusted network


Workaround for CVE-2014-0076:
Since this vulnerability requires an attacker to have a local account on
the device and be able to execute arbitrary code, limiting access to only
trusted users should completely mitigate the issue on affected devices.

Implementation:

Related Links:

    OpenSSL Security Advisory [05 Jun 2014]

    KB16765: In which releases are vulnerabilities fixed?

    KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's
    Security Advisories

    Report a Security Vulnerability - How to Contact the Juniper Networks
    Security Incident Response Team

CVSS Score:
5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Risk Level:
High

Risk Assessment:
A network based attacker who can conduct man-in-the-middle type of attacks
can decrypt or modify encrypted traffic. This may contains sensitive
information that can be leveraged to conduct additional attacks.

Acknowledgements:

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVITh8hLndAQH1ShLAQKfSBAAuiKMD+xG4fPPFSkIURuZcsLUy112tubh
IwpGwouYP07vbAM0NgPTJk8GrrWjEbPVBhewnPrayMtW/pQMD4fZolGZWGRFOHd2
WKtnaicYuXuplDHptyxJBex4KUMrUfoTdy4DthV7K6SgEwMjD+o7kGEck/ZnVpkE
kCQ3XK5xPKwvNu52SjzIXSTRZ/PKQCAmfDJbrCnLa+xOAmO/0E6bXT5LDEN8XN4B
OxJtdw/iLpf+h56ItbCsxj+Z1a5Fq0wb2xyVHpBK5DRvIjYwnWXE9rSdoJmfmkUr
9En+mpJwWbzLsL0HyCvchHwA68i3OmZ6BKvaTAAl4v2YOjW1t/eqNsgTzIPYjBSD
kDYN+ia97NrFDe2Lm7kXL0eWY3kkHRFhQpamJQFBHvpOGl0Lxcr7iQzF3pviqlaw
kusyWiMNEhmCE77sVPvy8M2lWfgRBLE21Nw3RD1yoFQNdBTfeno3V+aSJjHidk7i
Yy8KKHZxVMrdGmnBCVvUR13rCPzld/zauPYa5O6Ik3zx7cwA9ssZy/C8ErV/3WHr
u/DBG3ZCj6ez4hafMn1QQtzHc5b8313UmEpd2tPC4V4bGg1bQX/M6sMwL14EUYGH
QqhtkNrmh58TAydtjDF2ibi5z9u5rvvBUr7/4S1OtCMhGMagWvCU4oTrMHmv9Yr0
cTo8OPwIrzQ=
=IB7P
-----END PGP SIGNATURE-----