|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] Juniper NSM remote Denial Of Service
From: David Maciejak (david.maciejak
kyxar.fr)
Date: Tue Dec 27 2005 - 17:50:45 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Juniper NSM remote Denial Of Service
"NetScreen-Security Manager is a software that enables you to integrate and
centralize management of your Juniper Networks NetScreen security environment."
More information can be found on
http://www.juniper.net/customers/support/products/nsm.jsp
Description:
Malicious user can cause a remote denial of service on
guiSrv(port 7800) and devSrv(port 7801) by sending specially
crafted and long strings.
NSM 2004 FP2 and FP3 are known to be vulnerable.
By default, a watchdog service is installed with NSM.
It is able to restart automatically dead services
(the test is about every 5 min).
Proof of Concept:
I am not intent to publicly disclose the PoC.
Workaround:
Upgrade at least to NSM FP4r1 also known as 2005.1
Thanks to quick responses from Juniper Security Team.
David Maciejak
--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]