SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Firewall)  >   Juniper ScreenOS Vendors:   NetScreen
NetScreen ScreenOS Buffer Reset Flaw May Disclose Administrator Passwords Via DHCP Offer Messages
SecurityTracker Alert ID:  1007867
SecurityTracker URL:  http://securitytracker.com/id/1007867
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 2 2003
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 4.0.3r3 and prior versions
Description:   A vulnerability was reported in NetScreen's ScreenOS. In certain cases, NetScreen firewall/VPN appliances that act as DHCP servers may leak sensitive information to remote users, including passwords.

It is reported that some DHCP Offer messages generated by NetScreen devices (when acting as a DHCP Server and managed via HTTP) may disclose encoded administrator usernames and passwords.

The vulnerability is reportedly due to the re-use of a memory buffer in ScreenOS without resetting the contents of the buffer. The buffer may contain information from the previous HTTP management session.

NetScreen devices that do not provide DHCP Server services are not affected, the vendor said.

NetScreen devices managed exclusively by NetScreen Global PRO are reportedly not affected, even if they provide DHCP Server services.

NetScreen devices managed via HTTPS (SSL) or the command line interface (SSH, Telnet, or serial console) are also not affected, according to the report.

Impact:   A remote user may be able to view sensitive information, including administrative usernames and passwords, by monitoring DHCP Offer messages.
Solution:   The vendor is issuing free fixes for ScreenOS versions 2.6, 3.0, 3.1, and 4.0 to all customers, regardless of service contract status.

See the Vendor URL for vendor's advisory for details on which fix versions are available.

Vendor URL:  www.netscreen.com/services/security/alerts/10_01_03_57983_v003.jsp (Links to External Site)
Cause:   Resource error

Message History:   None.


 Source Message Contents

Subject:  http://www.netscreen.com/services/security/alerts/10_01_03_57983_v003.jsp


http://www.netscreen.com/services/security/alerts/10_01_03_57983_v003.jsp

 > Title: NetScreen Advisory 57983
 >
 > Version: 1
 > Original Publication Date: 1 October 2003
 > Last Updated: 1 October 2003
 >
 > Impact: Potential Leakage of Sensitive Information via DHCP Offer
 >
 > Affected Products: NetScreen Firewall/VPN appliances and systems
 > acting as DHCP Servers running ScreenOS versions up through 4.0.3r3.

 > Max Risk: medium

NetScreen issued a security advisory warning that some DHCP Offer messages generated by 
NetScreen devices (when acting as a DHCP Server and managed via HTTP) may disclose encoded 
administrator usernames and passwords.  The vulnerability is due to the re-use of a memory 
buffer in ScreenOS without reseting the contents of the buffer.  The buffer may contain 
information from the previous HTTP management session.

NetScreen devices that do not provide DHCP Server services are not affected.

NetScreen devices managed exclusively by NetScreen Global PRO are not affected, even if 
they provide DHCP Server services.

NetScreen devices managed via HTTPS (SSL) or the command line interface (SSH, Telnet, or 
serial console) are not affected.

The vendor is issuing free fixes for ScreenOS versions 2.6, 3.0, 3.1, and 4.0 to all 
customers, regardless of service contract status.

See the vendor's advisory for details on which fix versions are available.



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC