The Grugq

**Name of the Vulnerable Software and Affected Versions** Juniper ScreenOS versions 6.2.0r15 through 6.2.0r18 Juniper ScreenOS versions 6.3.0r12 before 6.3.0r12b Juniper ScreenOS versions 6.3.0r13 before 6.3.0r13b Juniper ScreenOS versions 6.3.0r14 before 6.3.0r14b Juniper ScreenOS versions 6.3.0r15 before 6.3.0r15b Juniper ScreenOS versions 6.3.0r16 before 6.3.0r16b Juniper ScreenOS versions 6.3.0r17 before 6.3.0r17b Juniper ScreenOS versions 6.3.0r18 before 6.3.0r18b Juniper ScreenOS versions 6.3.0r19 before 6.3.0r19b Juniper ScreenOS versions 6.3.0r20 before 6.3.0r21 **Description** The issue is related to weaknesses in the authentication procedure of the ScreenOS operating system. This allows a remote attacker to gain administrative access by entering a specially crafted password during an SSH or TELNET session. **Recommendations** For Juniper ScreenOS versions 6.2.0r15 through 6.2.0r18, update to a version outside of this range. For Juniper ScreenOS versions 6.3.0r12 before 6.3.0r12b, update to 6.3.0r12b or later. For Juniper ScreenOS versions 6.3.0r13 before 6.3.0r13b, update to 6.3.0r13b or later. For Juniper ScreenOS versions 6.3.0r14 before 6.3.0r14b, update to 6.3.0r14b or later. For Juniper ScreenOS versions 6.3.0r15 before 6.3.0r15b, update to 6.3.0r15b or later. For Juniper ScreenOS versions 6.3.0r16 before 6.3.0r16b, update to 6.3.0r16b or later. For Juniper ScreenOS versions 6.3.0r17 before 6.3.0r17b, update to 6.3.0r17b or later. For Juniper ScreenOS versions 6.3.0r18 before 6.3.0r18b, update to 6.3.0r18b or later. For Juniper ScreenOS versions 6.3.0r19 before 6.3.0r19b, update to 6.3.0r19b or later. For Juniper ScreenOS versions 6.3.0r20 before 6.3.0r21, update to 6.3.0r21 or later. As a temporary workaround, consider restricting access to SSH and TELNET sessions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Juniper ScreenOS versions 6.2.0r15 through 6.2.0r18 Juniper ScreenOS versions 6.3.0r12 before 6.3.0r12b Juniper ScreenOS versions 6.3.0r13 before 6.3.0r13b Juniper ScreenOS versions 6.3.0r14 before 6.3.0r14b Juniper ScreenOS versions 6.3.0r15 before 6.3.0r15b Juniper ScreenOS versions 6.3.0r16 before 6.3.0r16b Juniper ScreenOS versions 6.3.0r17 before 6.3.0r17b Juniper ScreenOS versions 6.3.0r18 before 6.3.0r18b Juniper ScreenOS versions 6.3.0r19 before 6.3.0r19b Juniper ScreenOS versions 6.3.0r20 before 6.3.0r21 **Description** The encryption implementation in Juniper ScreenOS makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack. This issue is related to the implementation of a cryptographic protocol, which can be exploited by a remote attacker to decrypt messages transmitted within a VPN session by analyzing network traffic. **Recommendations** For Juniper ScreenOS versions 6.2.0r15 through 6.2.0r18, update to a version outside of this range. For Juniper ScreenOS versions 6.3.0r12 before 6.3.0r12b, update to 6.3.0r12b or later. For Juniper ScreenOS versions 6.3.0r13 before 6.3.0r13b, update to 6.3.0r13b or later. For Juniper ScreenOS versions 6.3.0r14 before 6.3.0r14b, update to 6.3.0r14b or later. For Juniper ScreenOS versions 6.3.0r15 before 6.3.0r15b, update to 6.3.0r15b or later. For Juniper ScreenOS versions 6.3.0r16 before 6.3.0r16b, update to 6.3.0r16b or later. For Juniper ScreenOS versions 6.3.0r17 before 6.3.0r17b, update to 6.3.0r17b or later. For Juniper ScreenOS versions 6.3.0r18 before 6.3.0r18b, update to 6.3.0r18b or later. For Juniper ScreenOS versions 6.3.0r19 before 6.3.0r19b, update to 6.3.0r19b or later. For Juniper ScreenOS versions 6.3.0r20 before 6.3.0r21, update to 6.3.0r21 or later.

**Name of the Vulnerable Software and Affected Versions** Blueman versions prior to 2.0.3 **Description** The issue allows local users to gain privileges. It is related to the EnableNetwork method in the Network class. The `dhcp handler` argument is involved in the issue. **Recommendations** For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the EnableNetwork method in the Network class until a patch is available.