SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Firewall)  >   Juniper ScreenOS Vendors:   NetScreen
(Vendor Issues Fix) Re: NetScreen Firewalls Can Be Crashed By Remote Users When SSH is Enabled for Remote Management
SecurityTracker Alert ID:  1005552
SecurityTracker URL:  http://securitytracker.com/id/1005552
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 7 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): All firewall/VPN devices are affected
Description:   A denial of service vulnerability was reported in NetScreen's firewall products. A remote user may be able to cause the device to crash if SSH is enabled on the device.

A remote user can send malformed messages to the SSH management port to cause the device to crash, requiring a hard reboot to return to normal operations.

The crash can reportedly be triggered by exploit utilities built to test the SSH1 CRC32 compensation attack detector code flaw that was reported in February 2001 by BindView RAZOR as a general SSH bug. However, the vendor indicates that the NetScreen bug is not the CRC32 bug, but rather, is a new bug in their implementation. HD Moore at Digital Defense is credited with discovering the new bug.

According to the report, SSH is not enabled by default and, when it is enabled, is usually configured for access from the trusted interface only.

Impact:   A remote user can cause the device to crash. A hard boot is required to return the device to normal operation.
Solution:   NetScreen has issued a fix and recommends that you upgrade your software or disable Secure Command Shell (SCS) administration of the device.

If you require SCS and cannot upgrade, they advise you to enable SCS only on "trusted" interfaces. You can also define a "manager-ip" access control list to ensure that management access is only permitted from specific trusted host source addresses.

NetScreen has is releasing maintenance releases (available now or shortly) at:

http://www.netscreen.com/support/

See the NetScreen alert for a patch version matrix to determine which version to apply at:

http://www.netscreen.com/support/alerts/11_06_02.html

Vendor URL:  www.netscreen.com/support/alerts/11_06_02.html (Links to External Site)
Cause:   Exception handling error

Message History:   This archive entry is a follow-up to the message listed below.
Nov 1 2002 NetScreen Firewalls Can Be Crashed By Remote Users When SSH is Enabled for Remote Management



 Source Message Contents

Subject:  NetScreen Security Alert 110602


http://www.netscreen.com/support/alerts/11_06_02.html

NetScreen issued a Security Alert (110602) warning that SSHv1 CRC32 Attacks can lead to
denial of service on NetScreen devices.  All NetScreen firewall/VPN appliances and systems
are affected.

The vendor has assigned this flaw a maximum risk rating of 'Medium'.

According to the alert, the vulnerability only exists if the administrator has enabled the
Secure Command Shell (SCS), the NetScreen implementation of SSHv1.  Only the interface on
which SCS management is enabled is vulnerable.

SCS management is not enabled by default.

NetScreen recommends that you upgrade your software or disable SCS administration of the
device.  If you require SCS and cannot upgrade, they advise you to enable SCS only on
"trusted" interfaces.  You can also define a "manager-ip" access control list to ensure
that management access is only permitted from specific trusted host source addresses.

NetScreen has is releasing maintenance releases at:

http://www.netscreen.com/support/

See the NetScreen alert for a patch version matrix at:

http://www.netscreen.com/support/alerts/11_06_02.html



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC