[j-nsp] SA SSL VPN vulnerable to Heartbleed?
Jed Laundry
jlaundry at jlaundry.com
Wed Apr 9 04:26:37 EDT 2014
For those who haven't yet seen, R*.1 releases are now available with
updated OpenSSL libraries.
Thanks,
Jed.
On 9 April 2014 11:53, Matthew Tighe <wldsbn at gmail.com> wrote:
> Just released http://kb.juniper.net/JSA10623
>
> ---
>
> Sounds like an advisory is coming today:
>
> "The Juniper SIRT is fully aware of the vulnerability and Engineering is
> working on fixes for affected releases of Junos OS and IVE OS. Juniper
> will be providing an out-of-cycle advisory (JSA) on this issue later today
> (April 8th, 2014). Junos OS 13.3 and above use OpenSSL 1.0.1 which is
> affected by this vulnerability, while earlier versions use OpenSSL 0.9.8
> and are unaffected by this vulnerability. SA 7.4r1 and UAC 4.4r1 are also
> confirmed as vulnerable, since they use OpenSSL 1.0.1. PR 981102 has been
> submitted for Junos to upgrade OpenSSL to 1.0.1g, and PR 981148 has been
> submitted for IVE OS to disable TLS heartbeat.
>
> SSL VPN (IVEOS) 7.3, 7.2, and 7.1 are not vulnerable"
>
> > On Apr 8, 2014, at 3:41 PM, "Andy Litzinger" <Andy.Litzinger at theplatform.com> wrote:
> >
> > I opened a JTAC case for the same issue. JTAC said their security team is
> > aware of the CVE and they are waiting for fix/recommendation.
> >
> > -andy
> >
> >> On 4/8/14 2:51 PM, "David B Funk" <dbfunk at engineering.uiowa.edu> wrote:
> >>
> >> We have a SA4500 SSL VPN box with the JTAC recommended 7.4R8.0 release.
> >> Testing by tools such as "https://www.ssllabs.com/ssltest/" shows it to
> >> be vulnerable to the Heartbleed attack (http://heartbleed/).
> >>
> >> Checking software downloads at juniper.net does not even seem to
> >> have an alert for this problem, let alone a fix.
> >>
> >> Does Juniper have a clue about this?
> >> Is anybody else worried?
> >>
> >> --
> >> Dave Funk University of Iowa
> >> <dbfunk (at) engineering.uiowa.edu> College of Engineering
> >> 319/335-5751 FAX: 319/384-0549 1256 Seamans Center
> >> Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
> >> #include <std_disclaimer.h>
> >> Better is not better, 'standard' is better. B{
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp