From: Erik Parker (erik.parker_at_digitaldefense.net)
Date: Fri Nov 01 2002 - 12:58:45 CST

    There is a major correction to this data. Netscreen contacted me a couple
    of minutes after posting this. When they confirmed it was vulnerable to
    CRC32, it appears they were actually confirming there was a 'problem', and
    not the actual CRC32 bug.

    This DoS is unrelated to the CRC32 bug; however, the CRC32 exploit is
    capable of causing the DoS.

    As a temporary solution until Netscreen can release a new ScreenOS, you
    could disable SSH if this is a viable option for you.

    So, it would appear Netscreen did NOT miss the CRC32 bugs that came out,
    and it's just a new one.

    It would appear Netscreen's lack of response was due to improper handling
    of the notifications and E-mails, combined with them moving offices over
    the past couple of weeks. product-sec-alertnetscreen.com seems to get you
    to the right place, at the right time.