[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Juniper NSM remote Denial Of Service

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Juniper NSM remote Denial Of Service
From: David Maciejak <david.maciejak@xxxxxxxx>
Date: Wed, 28 Dec 2005 00:50:45 +0100

Juniper NSM remote Denial Of Service

"NetScreen-Security Manager is a software that enables you to integrate and
centralize management of your Juniper Networks NetScreen security environment."

More information can be found on
http://www.juniper.net/customers/support/products/nsm.jsp


Description:

Malicious user can cause a remote denial of service on
guiSrv(port 7800) and devSrv(port 7801) by sending specially
crafted and long strings.

NSM 2004 FP2 and FP3 are known to be vulnerable.

By default, a watchdog service is installed with NSM. 
It is able to restart automatically dead services
(the test is about every 5 min).


Proof of Concept:

I am not intent to publicly disclose the PoC.


Workaround:

Upgrade at least to NSM FP4r1 also known as 2005.1


Thanks to quick responses from Juniper Security Team.

David Maciejak



--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Next by Date: Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Previous by thread: [Full-disclosure] bug in oscomerce
Next by thread: [Full-disclosure] Moreover Robert Lemos
Index(es):
- Date
- Thread