[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Juniper NSM remote Denial Of Service
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Juniper NSM remote Denial Of Service
- From: David Maciejak <david.maciejak@xxxxxxxx>
- Date: Wed, 28 Dec 2005 00:50:45 +0100
Juniper NSM remote Denial Of Service
"NetScreen-Security Manager is a software that enables you to integrate and
centralize management of your Juniper Networks NetScreen security environment."
More information can be found on
http://www.juniper.net/customers/support/products/nsm.jsp
Description:
Malicious user can cause a remote denial of service on
guiSrv(port 7800) and devSrv(port 7801) by sending specially
crafted and long strings.
NSM 2004 FP2 and FP3 are known to be vulnerable.
By default, a watchdog service is installed with NSM.
It is able to restart automatically dead services
(the test is about every 5 min).
Proof of Concept:
I am not intent to publicly disclose the PoC.
Workaround:
Upgrade at least to NSM FP4r1 also known as 2005.1
Thanks to quick responses from Juniper Security Team.
David Maciejak
--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/