SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Firewall)  >   Juniper ScreenOS Vendors:   NetScreen
(Vendor Issues Fix) Re: NetScreen Firewall Can Be Made to Reboot By Remote Users That Send Long Usernames to the Device's Login Screen
SecurityTracker Alert ID:  1004427
SecurityTracker URL:  http://securitytracker.com/id/1004427
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 31 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.6.1r8, 2.8.0r2, 2.8.1r1, 3.0.1r2, and 3.0.2r3
Description:   A denial of service vulnerability was reported in the NetScreen 25 firewall device (which may apply to other models, as well). A remote user that has access to the login screen can cause the device to reboot.

A remote user can apparently login to the NetScreen device with the following username to cause the device to reboot:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxx

According to the report, the syslog log entries will only show that the NetScreen's interfaces have changed to 'Up' status.

Impact:   A remote user can cause the device to reboot, interrupting all existing connections.
Solution:   NetScreen reports that this issue was discovered during internal testing and has been addressed in all versions of ScreenOS released after April 23, 2002.

Fixed versions include: 2.6.1r8 and later, 2.8.0r2 and later, 2.8.1r1 and later, 3.0.1r2 and later, 3.0.2r3 and later, 3.0.3r1 and later. This issue was reportedly never present in 3.1.0r1 and later.

Vendor URL:  www.netscreen.com/support/ns25_reboot.html (Links to External Site)
Cause:   Exception handling error

Message History:   This archive entry is a follow-up to the message listed below.
May 28 2002 NetScreen Firewall Can Be Made to Reboot By Remote Users That Send Long Usernames to the Device's Login Screen



 Source Message Contents

Subject:  NetScreen


NetScreen Security Alert

NetScreen Response to: "NetScreen-25 Unauthorized Reboot Issue"

May 30, 2002

This issue was reported to NetScreen on May 27, 2002 and simultaneously
reported to BugTraq@SecurityFocus.com (visible as
http://online.securityfocus.com/bid/4842 ). Other reporting sites may
have been contacted as well.

The reported issue involves the graphical user interface ("WebUI") and
submitting excessively long (i.e. several multiples of the stated
maximum length) usernames. Bounds checking was not performed, and the
system would crash while attempting to process the excessively long
username.  This resulted in a denial of service for the protected
systems, as no forwarding of traffic would occur while the NetScreen
device was rebooting.  This issue was discovered in NetScreen's internal
testing and has been addressed in all versions of ScreenOS released
after April 23, 2002. This list includes versions 2.6.1r8 and later,
2.8.0r2 and later, 2.8.1r1 and later, 3.0.1r2 and later, 3.0.2r3 and
later, 3.0.3r1 and later. This issue was never present in 3.1.0r1 and
later. 

The standard security practices of only permitting management access via
selected interface(s), defining a list of source IP addresses permitted
management access (the manager-ip list), and/or only permitting CLI
(Telnet or SSH) management access to the device will all mitigiate
exposure to this issue. Upgrading to one of the ScreenOS releases
mentioned above will prevent this issue.

http://www.netscreen.com/support/ns25_reboot.html



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC