SecurityTracker.com
Category:   Device (Firewall)  >   Juniper ScreenOS
Vendors:   NetScreen
NetScreen Predictable TCP Sequence Numbers Let Remote Users Bypass Security Rules
SecurityTracker Alert ID:  1005709
SecurityTracker URL:  http://securitytracker.com/id/1005709
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 26 2002
Impact:   Host/resource access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.7, 2.6, 2.8, 3.0, 3.1, 4.0
Description:   A vulnerability was reported in NetScreen's firewall/VPN appliances due to the generation of predictable TCP Initial Sequence Numbers (ISNs). A remote user may be able to hijack protected sessions or bypass the firewall's access control policies.

It is reported that a remote user can use IP spoofing and can attempt to predict TCP ISNs generated by the appliance to bypass the device's IP-based security policies.

According to the vendor, the flaw is exploitable on the following connections:

1) TCP connections to and from the NetScreen device itself
2) TCP connections that match policies requiring authentication
3) TCP connections forwarded through the appliance between two other hosts when syn-flood protection is enabled and the appliance is performing SYN proxying for the protected hosts.

According to the report, the ISN algorithms in ScreenOS 2.6 and earlier are more predictable. However, all versions prior to 4.0.1 are vulnerable.

Impact:   A remote user may be able to bypass the device's access control rules for certain types of connections.
Solution:   The vendor has issued a fixed version (4.0.1). NetScreen indicates that you can install one of the maintenance releases listed in their advisory (http://www.netscreen.com/support/alerts/Predictable_TCP_Initial_Sequence_Numbers.html) or upgrade to ScreenOS 4.0.1.

Registered users with a valid service contract can download the software from:

http://www.netscreen.com/support/updates.html
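
To confirm the effect of the upgrade on a device you administer, the ISNs in its SYN-ACKs can be scored for simple increment patterns. The following is an added example, not code from NetScreen or SecurityTracker; the function names, the 16-bit threshold and all sample ISN values are constructed assumptions and do not reproduce any ScreenOS algorithm.

```python
"""Added example: score how predictable a series of TCP ISNs is.

Input: ISNs read from consecutive SYN-ACKs of a device you administer,
e.g. from a packet capture taken before and after the upgrade.
All sample values below are constructed, not NetScreen output.
"""
import math
from functools import reduce

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Successive ISN differences modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def assess(isns, weak_below_bits=16):
    """Estimate how many candidate values the next delta could take."""
    if len(isns) < 5:
        raise ValueError("need at least 5 ISNs for a meaningful estimate")
    deltas = sorted(set(isn_deltas(isns)))
    # Smallest arc on the 2^32 circle covering every delta: the full
    # circle minus the largest empty gap (handles deltas that wrap).
    gaps = [b - a for a, b in zip(deltas, deltas[1:])]
    gaps.append(deltas[0] + MOD - deltas[-1])
    widest = max(range(len(gaps)), key=gaps.__getitem__)
    arc = MOD - gaps[widest]
    start = deltas[(widest + 1) % len(deltas)]
    # A fixed step (e.g. a per-tick increment) shrinks the guess space.
    step = reduce(math.gcd, ((d - start) % MOD for d in deltas)) or 1
    bits = math.log2(arc // step + 1)
    verdict = "predictable" if bits < weak_below_bits else "no simple pattern"
    return {"arc": arc, "step": step, "bits": bits, "verdict": verdict}


# Constructed samples: fixed increment that wraps past 2^32, a
# tick-based increment (1-3 ticks of 64000), and scattered values.
CONSTANT = [(0xFFFF0000 + 64000 * i) % MOD for i in range(8)]
TICKED = [1000, 65000, 193000, 257000, 449000, 513000, 641000]
SCATTERED = [0x1A2B3C4D, 0x9F8E7D6C, 0x05F5E100, 0xC0FFEE11,
             0x7331BEEF, 0x3D2C1B0A, 0xE4D3C2B1, 0x58A7F690]

if __name__ == "__main__":
    for name, sample in [("constant", CONSTANT), ("ticked", TICKED),
                         ("scattered", SCATTERED)]:
        r = assess(sample)
        print(f"{name:10s} step={r['step']:<6d} bits={r['bits']:5.1f} {r['verdict']}")
```

A low score shows an increment pattern in the sample; a high score only means no such pattern was found in it and is not proof that the generator is strong.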

Vendor URL:  www.netscreen.com/support/alerts/Predictable_TCP_Initial_Sequence_Numbers.html
Cause:   State error

Message History:   None.


 Source Message Contents

Subject:  NetScreen Security Alert 51897 - Predictable Sequence Numbers


http://www.netscreen.com/support/alerts/Predictable_TCP_Initial_Sequence_Numbers.html

NetScreen issued Security Alert 51897 warning of a weakness in their firewall/VPN
appliances due to predictable TCP Initial Sequence Numbers (ISNs).

Versions:  ScreenOS 1.7, 2.6, 2.8, 3.0, 3.1, 4.0

It is reported that a remote user can use IP spoofing and can attempt to predict TCP ISNs
generated by the appliance to bypass the device's IP-based security policies.

According to the vendor, the flaw is exploitable on the following connections:

1) TCP connections to and from the NetScreen device itself
2) TCP connections that match policies requiring authentication
3) TCP connections forwarded through the appliance between two other hosts when syn-flood
protection is enabled and the appliance is performing SYN proxying for the protected
hosts.

According to the report, the ISN algorithms in ScreenOS 2.6 and earlier are most
predictable.  However, all versions prior to 4.0.1 are vulnerable.

NetScreen indicates that you can install one of the maintenance releases listed in their
advisory
(http://www.netscreen.com/support/alerts/Predictable_TCP_Initial_Sequence_Numbers.html) or
upgrade to ScreenOS 4.0.1.

Registered users with a valid service contract can download the software from:

http://www.netscreen.com/support/updates.html



 
 



Copyright 2021, SecurityGlobal.net LLC