SecurityTracker.com

SecurityTracker
Archives
Category:   Device (Firewall)  >   Juniper ScreenOS
Vendors:   NetScreen
(Vendor Confirms and Plans a Fix) Re: NetScreen Firewall Bridging Flaw Lets Remote Users Bypass the Firewall With Non-IP Packets
SecurityTracker Alert ID:  1007167
SecurityTracker URL:  http://securitytracker.com/id/1007167
CVE Reference:   GENERIC-MAP-NOMATCH (no CVE identifier assigned)
Date:  Jul 10 2003
Impact:   Host/resource access via network
Vendor Confirmed:  Yes  
Version(s): 4.0.x
Description:   Paul (InquisiTeam) reported a vulnerability in NetScreen firewall products when operating in bridge (transparent) mode. A remote user on a network segment attached to the firewall can send Ethernet frames carrying protocols other than IP and ARP through the firewall.

It is reported that Bridge Mode on the NetScreen 20x and 50x series models provides a "bypass non-IP traffic" option. Even when this option is not checked, the firewall reportedly forwards broadcast Ethernet frames that carry non-IP protocols, and these frames are not logged.

All interfaces are reported to be reachable this way, including the firewall's administrative zone.

The vendor has reportedly been notified.

Impact:   A remote user can bypass the firewall and reach systems behind it using non-IP protocols. The vendor advisory limits this to layer 2 multicast and broadcast frames; non-IP unicast frames are blocked by the default configuration.
Solution:   The vendor plans to issue maintenance releases to ScreenOS 4.0.1 and 4.0.3 the week of July 14, 2003, to allow administrators to control the forwarding of multicast and broadcast packets of non-IP protocols.
Vendor URL:  www.netscreen.com/services/security/alerts/advisory-57605.txt
Cause:   Access control error

Message History:   This archive entry is a follow-up to the message listed below.
Jul 9 2003 NetScreen Firewall Bridging Flaw Lets Remote Users Bypass the Firewall With Non-IP Packets



 Source Message Contents

Subject:  NetScreen Advisory 57605


http://www.netscreen.com/services/security/alerts/advisory-57605.txt

NetScreen issued an advisory (57605) confirming a vulnerability in ScreenOS 4.0.0 when running in Transparent Mode (the default mode for the NetScreen 25, 50, 204 and 208 appliances, and the NetScreen 500, 5200, and 5400 systems).

A remote user on the local network can reportedly send layer 2 multicasts or broadcasts that contain protocols other than IPv4 through the firewall.


According to the report, the default configuration prohibits the passing of non-IP protocols in unicast layer 2 packets. However, non-IP protocols in multicast and broadcast layer 2 packets cannot currently be blocked.

The advisory notes that no security filtering is provided on non-IP packets.
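The forwarding rule described above and in the Description section, as an added example that is not part of the original alert and is not NetScreen or Juniper code: a small Ethernet frame classifier that applies the page's account of ScreenOS 4.0.x transparent-mode behaviour (non-IP unicast dropped by default, non-IP multicast and broadcast forwarded with no security filtering even when "bypass non-IP traffic" is off) and the control the maintenance release is said to add. The policy flag names, verdict strings, MAC addresses and sample frames are assumptions constructed for the example; IPv4 and ARP are treated as "IP traffic" following the description above, so an IPv6 or IPX frame counts as non-IP.

```python
"""Ethernet frame classifier modelling the ScreenOS 4.0.x transparent-mode flaw.

Added example for this archive page; not NetScreen/Juniper code and not the
real ScreenOS classifier.  Flag names, verdicts and sample frames are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

ETHERTYPE_IPV4, ETHERTYPE_ARP, ETHERTYPE_VLAN = 0x0800, 0x0806, 0x8100
ETHERTYPE_IPX, ETHERTYPE_IPV6 = 0x8137, 0x86DD
BROADCAST_MAC = b"\xff" * 6
# The advisory exempts IPv4; the description also exempts ARP. All else is non-IP.
IP_ETHERTYPES = (ETHERTYPE_IPV4, ETHERTYPE_ARP)


@dataclass
class Frame:
    dst: bytes
    src: bytes
    ethertype: Optional[int]  # None for a raw 802.3 frame (length field, no EtherType)
    vlan: Optional[int]
    payload: bytes

    @property
    def is_broadcast(self) -> bool:
        return self.dst == BROADCAST_MAC

    @property
    def is_multicast(self) -> bool:
        # I/G bit: least-significant bit of the first destination octet.
        return bool(self.dst[0] & 0x01) and not self.is_broadcast


def parse_frame(raw: bytes) -> Frame:
    """Parse the Ethernet II header plus one 802.1Q tag if present."""
    if len(raw) < 14:
        raise ValueError("runt frame")
    dst, src = raw[:6], raw[6:12]
    (tpid,) = struct.unpack("!H", raw[12:14])
    vlan, offset = None, 14
    if tpid == ETHERTYPE_VLAN:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, tpid = struct.unpack("!HH", raw[14:18])
        vlan, offset = tci & 0x0FFF, 18
    ethertype = tpid if tpid >= 0x0600 else None  # below 0x0600 = 802.3 length
    return Frame(dst, src, ethertype, vlan, raw[offset:])


def classify(frame: Frame, *, bypass_non_ip: bool = False,
             forward_non_ip_mcast_bcast: bool = True) -> str:
    """bypass_non_ip models the existing "bypass non-IP traffic" option.
    forward_non_ip_mcast_bcast=True models 4.0.x (always forwarded); False
    models the control the maintenance release adds (assumed name).
    Verdicts: IP_POLICY (normal IP policy engine), BYPASS_UNFILTERED, DROP."""
    if frame.ethertype in IP_ETHERTYPES:
        return "IP_POLICY"
    if bypass_non_ip:
        return "BYPASS_UNFILTERED"
    if (frame.is_broadcast or frame.is_multicast) and forward_non_ip_mcast_bcast:
        return "BYPASS_UNFILTERED"  # the flaw: option off, frame still passes unlogged
    return "DROP"


def unfiltered(frames: Dict[str, bytes], **policy) -> List[str]:
    """Names of the frames a policy would pass with no security filtering."""
    return [n for n, raw in frames.items()
            if classify(parse_frame(raw), **policy) == "BYPASS_UNFILTERED"]


def build(dst: bytes, src: bytes, type_or_len: int, payload: bytes,
          vlan: Optional[int] = None) -> bytes:
    hdr = dst + src
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan)
    return hdr + struct.pack("!H", type_or_len) + payload


# Constructed sample frames, not captured traffic.
HOST_A, HOST_B = bytes.fromhex("001122334455"), bytes.fromhex("00aabbccddee")
SAMPLE_FRAMES = {
    "ipv4-unicast": build(HOST_A, HOST_B, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19),
    "ipx-broadcast": build(BROADCAST_MAC, HOST_B, ETHERTYPE_IPX, b"\xff\xff" + b"\x00" * 28),
    "ipx-unicast": build(HOST_A, HOST_B, ETHERTYPE_IPX, b"\xff\xff" + b"\x00" * 28),
    # Raw 802.3 + LLC to the 01:80:c2 bridge group address (length field, no EtherType).
    "llc-multicast-8023": build(bytes.fromhex("0180c2000000"), HOST_B, 38,
                                b"\x42\x42\x03" + b"\x00" * 35),
    # 802.1Q-tagged IPv6 to the all-nodes multicast MAC: not IPv4, so non-IP here.
    "ipv6-multicast-tagged": build(bytes.fromhex("333300000001"), HOST_B, ETHERTYPE_IPV6,
                                   b"\x60" + b"\x00" * 39, vlan=10),
}

if __name__ == "__main__":
    print("4.0.x, option off:", unfiltered(SAMPLE_FRAMES))
    print("4.0.x, option on :", unfiltered(SAMPLE_FRAMES, bypass_non_ip=True))
    print("fixed, both off  :", unfiltered(SAMPLE_FRAMES, forward_non_ip_mcast_bcast=False))
```

Under the 4.0.x policy with the option off, the three multicast/broadcast non-IP frames pass unfiltered while the IPX unicast is dropped, which is exactly the asymmetry the advisory describes; with the assumed post-fix control turned off, none pass. To check a real unit, the same frames would be injected on one side of the bridge and sniffed for on the other, remembering that the report says the forwarded frames are not logged, so the firewall's own logs will not show them.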

The vendor plans to issue maintenance releases to ScreenOS 4.0.1 and 4.0.3 the week of July 14 to allow administrators to control the forwarding of multicast and broadcast packets of non-IP protocols.

The vendor indicates that the maximum risk is "Low".

Copyright 2021, SecurityGlobal.net LLC