Jump to content
sleed

Juniper patches Logjam

By sleed, in Stiri securitate

Recommended Posts

sleed Newbie

sleed

Posted
Posted

Juniper Networks sysadmins can add Junos Space network management patches to their to-do list.

The gin palace says “any product or platform running Junos Space before 15.2R1” has the privilege escalation vulnerabilities, adding that “Attack vectors include: cross site request forgeries (CSRF), default authentication credentials, information leak and command injection”.

The remotely-exploitable bugs, turned up by the company's internal code review, include six vectors inherited from Oracle's Java SE (CVE-2015-4748, CVE-2015-2601, CVE-2015-2613, CVE-2015-4749, CVE-2015-2625 and CVE-2015-2659). These have been fixed with an upgrade to the Oracle Java runtime, to 1.7.0 update 85.

The company also discovered that Space still had an RC4 implementation that was vulnerable to last year's Bar Mitzvah attack, and a TLS implementation subject to Logjam.

The vulnerabilities have been cleaned up in Junos Space 15.2R1, which first shipped in March 2016.

Juniper adds that Junos Space should only be accessible from trusted networks, and should run on “jump boxes” without direct Internet access. ®

 

Sursa: Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...