Junos OS is prone to a OpenSSL session injection and denial of service vulnerability.
A remote attacker might inject data accross sessions or cause a denial of service.
New builds of Junos OS software are available from Juniper.
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2 and 13.3
Check the OS build.
Updated on 2015-03-25