SSL VPN
Contributor
rotearc
Posts: 82
Registered: ‎07-10-2010

In regards to PSN-2011-03-198 and 199

Hi Forum members,

Anyone read the PSN-2011-03-198 and 199?

Here is the link (requires login):

http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2011-03-198&viewMode...

http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2011-03-199&viewMode...

I read both of these security advisories, and the information stated is not very clear as to what the potential service impact is.

Since there is another update sometime around April 1 for IE9, I don't want to perform the upgrade twice within the next 15 days.

Juniper Employee
DaveDugal
Posts: 2
Registered: ‎01-08-2009

Re: In regards to PSN-2011-03-198 and 199

Hello rotearc.

Thanks for the question regarding the service impact of our two recently released out-of-cycle PSNs.

These two PSNs each resulted in a CVSS Base Score of 5.8. Along with this score, a CVSS Vector was supplied: (AV:N/AC:M/Au:N/C:P/I:P/A:N). Among other things, this vector represents a partial confidentiality and partial integrity impact.

Without going into detail that would violate entitled disclosure, the issue is that one can obtain access to content that shouldn't be accessible. While the direct impact of arbitrary access to these files is minimal, the integrity breach could lead to additional methods of attack, beyond the scope of this medium risk vulnerability.

Dave Dugal

    Juniper SIRT

 

Moderator
ruc
Posts: 232
Registered: ‎11-06-2007

Re: In regards to PSN-2011-03-198 and 199

One minor clarification regarding the IE9 KB @ http://kb.juniper.net/KB19293

>>>Since there is another update sometime around April 1 for IE9

The update referred to in the KB article is an update of the content in the KB article itself and not the actual releases that will support IE9.

Contributor
rotearc
Posts: 82
Registered: ‎07-10-2010

Re: In regards to PSN-2011-03-198 and 199

Dave,

Thanks for the reply. But it still does not help me to understand what the risks are. Maybe we should take this offline, if you can send me a private message. I would like to discuss this matter with you.

Regards,

Ernest
