The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetScreen IVE

vulnerability note CVE-2014-2291

Junos Pulse Secure Access Service: Cross Site Scripting of Pulse Collaboration

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Pulse Collaboration of Junos Pulse Secure Access Service, in order to execute JavaScript code in the context of the web site.
Impacted products: IVE OS, Juniper SA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/03/2014.
Identifiers: CERTFR-2014-AVI-123, CVE-2014-2291, JSA10617, VIGILANCE-VUL-14414.

Description of the vulnerability

The Junos Pulse Secure Access Service product offers a web service.

However, Pulse Collaboration (Secure Meeting) does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Pulse Collaboration of Junos Pulse Secure Access Service, in order to execute JavaScript code in the context of the web site.

vulnerability bulletin CVE-2014-2292

Junos Pulse Secure Access Service: privilege escalation via Linux Network Connect

Synthesis of the vulnerability

A local attacker can use Linux Network Connect of Junos Pulse Secure Access Service, in order to escalate his privileges.
Impacted products: IVE OS, Junos Pulse, Juniper SA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/03/2014.
Identifiers: CERTFR-2014-AVI-123, CVE-2014-2292, JSA10616, VIGILANCE-VUL-14413.

Description of the vulnerability

The Linux Network Connect product is installed on Linux computers to access the SSL VPN.

However, a local attacker can use Linux Network Connect to gain root privileges.

A local attacker can therefore use Linux Network Connect of Junos Pulse Secure Access Service, in order to escalate his privileges.

vulnerability alert CVE-2013-6956

Juniper Junos Pulse Secure Access Service, IVE: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Juniper Junos Pulse Secure Access Service, IVE, in order to execute JavaScript code in the context of the web site.
Impacted products: IVE OS, Junos Pulse, Juniper SA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/12/2013.
Identifiers: BID-64261, CERTA-2013-AVI-674, CVE-2013-6956, JSA10602, VIGILANCE-VUL-13941.

Description of the vulnerability

The Juniper Junos Pulse Secure Access Service product offers a web service.

However, it does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Juniper Junos Pulse Secure Access Service, in order to execute JavaScript code in the context of the web site.

computer vulnerability announcement CVE-2012-2131 CVE-2013-0166 CVE-2013-0169

Juniper Junos Pulse SA, IVE, UAC: multiple vulnerabilities of OpenSSL

Synthesis of the vulnerability

An attacker can use several OpenSSL vulnerabilities in Junos Pulse Secure Access Service (IVE) and Junos Pulse Access Control Service (UAC).
Impacted products: IVE OS, Junos Pulse, Juniper SA, Juniper UAC.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/09/2013.
Identifiers: CERTA-2013-AVI-527, CVE-2012-2131, CVE-2013-0166, CVE-2013-0169, JSA10591, VIGILANCE-VUL-13417.

Description of the vulnerability

Several vulnerabilities were announced in Junos Pulse Secure Access Service (IVE) and Junos Pulse Access Control Service (UAC).

An attacker can use malformed ASN.1 data, with an application linked to OpenSSL 0.9.8, in order to corrupt the memory, which leads to a denial of service or to code execution (VIGILANCE-VUL-11564). [severity:3/4; CVE-2012-2131]

An attacker can inject wrongly encrypted messages in a TLS/DTLS session in CBC mode, and measure the delay before the error message is received, in order to progressively guess the clear content of the session (VIGILANCE-VUL-12394). [severity:1/4; CVE-2013-0169]

An attacker can set up a malicious OCSP server, in order to stop OpenSSL applications that connect to it (VIGILANCE-VUL-12378). [severity:2/4; CVE-2013-0166]

computer vulnerability alert CVE-2013-5650

Juniper Junos Pulse SA, IVE, UAC: denial of service via SSL Acceleration Card

Synthesis of the vulnerability

When an SSL Acceleration Card is installed on Junos Pulse Secure Access Service (IVE) and Junos Pulse Access Control Service (UAC), an attacker can send a malformed packet, in order to trigger a denial of service.
Impacted products: IVE OS, Junos Pulse, Juniper SA, Juniper UAC.
Severity: 3/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 12/09/2013.
Identifiers: BID-62354, CERTA-2013-AVI-527, CVE-2013-5650, JSA10590, VIGILANCE-VUL-13416.

Description of the vulnerability

An SSL Acceleration Card can be installed on Junos Pulse Secure Access Service (IVE) and Junos Pulse Access Control Service (UAC).

However, in this case, a special packet blocks the system.

When an SSL Acceleration Card is installed on Junos Pulse Secure Access Service (IVE) and Junos Pulse Access Control Service (UAC), an attacker can therefore send a malformed packet, in order to trigger a denial of service.

computer vulnerability CVE-2013-5649

Juniper Junos Pulse SA, IVE: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Juniper Junos Pulse Secure Access, in order to execute JavaScript code in the context of the web site.
Impacted products: IVE OS, Junos Pulse, Juniper SA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/09/2013.
Identifiers: BID-62353, CERTA-2013-AVI-527, CVE-2013-5649, JSA10589, VIGILANCE-VUL-13415.

Description of the vulnerability

The Juniper Networks SSL VPN product has a web server.

However, it does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Juniper Junos Pulse Secure Access, in order to execute JavaScript code in the context of the web site.

computer vulnerability note CVE-2013-3970

Juniper SA, UAC: site spoofing via Trusted Server CA Root

Synthesis of the vulnerability

An attacker, who has access to the development certification authority of Juniper, can create a fake site, which is not detected by Junos Pulse Secure Access Service (SSL VPN) nor Junos Pulse Access Control Service (UAC).
Impacted products: IVE OS, Juniper SA, Juniper UAC.
Severity: 2/4.
Consequences: client access/rights.
Provenance: internet server.
Creation date: 14/06/2013.
Identifiers: BID-60521, CVE-2013-3970, JSA10571, VIGILANCE-VUL-12979.

Description of the vulnerability

The Junos Pulse Secure Access Service (SSL VPN) and Junos Pulse Access Control Service (UAC) products contain a list of trusted certification authorities. So, when a site has a certificate issued by one of these CAs, the user does not see a warning.

However, Juniper's development root certificate was integrated in some production versions of Juniper products.

An attacker, who has access to the development certification authority of Juniper, can therefore create a fake site, which is not detected by Junos Pulse Secure Access Service (SSL VPN) nor Junos Pulse Access Control Service (UAC).

computer vulnerability note CVE-2012-2110

OpenSSL: memory corruption via asn1_d2i_read_bio

Synthesis of the vulnerability

An attacker can use malformed ASN.1 data, with an application linked to OpenSSL, in order to corrupt the memory, which leads to a denial of service or to code execution.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, IVE OS, Junos Pulse, Junos Space, Juniper SA, Juniper SBR, Mandriva Linux, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, ESX.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Creation date: 19/04/2012.
Identifiers: 1643316, BID-53158, c03333987, CERTA-2012-AVI-224, CERTA-2012-AVI-286, CERTA-2012-AVI-419, CERTA-2012-AVI-479, CERTFR-2014-AVI-480, CERTFR-2016-AVI-300, CVE-2012-2110, DSA-2454-1, ESX350-201302401-SG, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, FEDORA-2012-6395, FEDORA-2012-6403, FreeBSD-SA-12:01.openssl, HPSBUX02782, JSA10659, KB27376, MDVSA-2012:060, NetBSD-SA2012-001, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, PSN-2012-09-712, PSN-2013-03-872, PSN-2013-05-941, RHSA-2012:0518-01, RHSA-2012:0522-01, RHSA-2012:1306-01, RHSA-2012:1307-01, RHSA-2012:1308-01, SOL16285, SSRT100844, SUSE-SU-2012:0623-1, SUSE-SU-2012:0637-1, SUSE-SU-2012:1149-1, SUSE-SU-2012:1149-2, VIGILANCE-VUL-11559, VMSA-2012-0003.1, VMSA-2012-0005.2, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013, VMSA-2012-0013.1, VMSA-2013-0001.2, VMSA-2013-0003.

Description of the vulnerability

X.509 certificates are encoded with ASN.1 (Abstract Syntax Notation).

OpenSSL uses BIOs, which are data streams that a program can write to or read from.

The asn1_d2i_read_bio() function of OpenSSL decodes ASN.1 data coming from a BIO.

However, this function casts the size of ASN.1 objects to signed integers (whereas "size_t" is unsigned). If the announced size of an object is greater than 0x80000000, an allocation error thus occurs, and the memory is corrupted.

The asn1_d2i_read_bio() function is used by several OpenSSL functions. Note: SSL/TLS clients/servers do not use this function, and are thus not vulnerable (there are exceptions if d2i_X509_bio() is called). However, S/MIME or CMS applications are vulnerable.

An attacker can therefore use malformed ASN.1 data, with an application linked to OpenSSL, in order to corrupt the memory, which leads to a denial of service or to code execution.

computer vulnerability bulletin CVE-2011-4619

OpenSSL: denial of service via SGC

Synthesis of the vulnerability

An attacker can use the handshake restart feature of SGC without the Client Hello message, in order to create a denial of service.
Impacted products: BIG-IP Hardware, TMOS, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, IVE OS, Junos Pulse, Juniper SA, OpenSSL, openSUSE, Solaris, JBoss EAP by Red Hat, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 13/03/2012.
Identifiers: 1643316, c03333987, CERTA-2012-AVI-286, CERTA-2012-AVI-479, CVE-2011-4619, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, ESXi410-201208101-SG, ESXi500-201212102-SG, FreeBSD-SA-12:01.openssl, HPSBUX02782, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, PSN-2012-09-712, RHSA-2012:1306-01, RHSA-2012:1307-01, RHSA-2012:1308-01, SOL15389, SOL15461, SSRT100844, VIGILANCE-VUL-11428, VMSA-2012-0005.2, VMSA-2012-0012.1, VMSA-2012-0012.2, VMSA-2012-0013, VMSA-2012-0013.2, VMSA-2013-0003.

Description of the vulnerability

The SGC (Server Gated Cryptography) technology processes weak algorithms/keys. It is considered obsolete.

An attacker can use the handshake restart feature of SGC without the Client Hello message, in order to create a denial of service.

This vulnerability results from an incorrect fix for CVE-2011-4619 (VIGILANCE-VUL-11257).

computer vulnerability announcement CVE-2012-0884

OpenSSL: Bleichenbacher attack on CMS and PKCS7

Synthesis of the vulnerability

The Bleichenbacher attack can be used against the OpenSSL implementation of CMS and PKCS#7, in order to obtain clear text information, using 2^20 messages.
Impacted products: IPSO, Debian, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, IVE OS, Junos Pulse, Juniper SA, Mandriva Linux, OpenSSL, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 12/03/2012.
Identifiers: 1643316, BID-52428, c03333987, CERTA-2012-AVI-134, CERTA-2012-AVI-286, CERTA-2012-AVI-419, CVE-2012-0884, DSA-2454-1, FEDORA-2012-4659, FEDORA-2012-4665, FreeBSD-SA-12:01.openssl, HPSBUX02782, MDVSA-2012:038, openSUSE-SU-2012:0547-1, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, PSN-2012-09-712, RHSA-2012:0426-01, RHSA-2012:1306-01, RHSA-2012:1307-01, RHSA-2012:1308-01, sk76360, SSRT100844, SUSE-SU-2012:0479-1, VIGILANCE-VUL-11427.

Description of the vulnerability

The PKCS#7 format is used to represent a signed or encrypted document. CMS (Cryptographic Message Syntax) is an improvement of PKCS#7. S/MIME used PKCS#7, and now uses CMS. TLS/SSL uses neither PKCS#7 nor CMS.

In 1998, Daniel Bleichenbacher proposed an attack to detect if clear data belong to encrypted data in a PKCS#1 block. This attack is named the "Million Message Attack" because it requires querying an oracle numerous times.

However, the Bleichenbacher attack can be used against the OpenSSL implementation of CMS and PKCS#7, in order to obtain clear text information, using 2^20 messages.