SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Intrusion Detection)  >   Juniper IDP Vendors:   Juniper
Juniper Networks NetScreen-IDP May Let Remote SSH Servers Overwrite Files in Certain Cases
SecurityTracker Alert ID:  1011144
SecurityTracker URL:  http://securitytracker.com/id/1011144
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 2 2004
Impact:   Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0r2 and prior versions
Description:   A vulnerability was reported in Juniper Networks NetScreen IDP. A remote SSH server can overwrite arbitrary files on the target system in certain situations.

It is reported that when a local user (on the IDP) uses scp to copy files from an untrusted remote server to the IDP, the remote server can cause the scp client on the IDP to overwrite arbitrary files. This is due to an underlying directory traversal vulnerability in scp, the report said.

Impact:   A remote SSH server can overwrite arbitrary files on the target system in certain situations.
Solution:   Juniper Networks has provided the following four solution options [quoted]:

Option 1: Upgrade the IDP with the latest OpenSSH rpm packages

Version MD5 Hash
openssh-3.1p1-14.idp2.i386.rpm d2165c9ade41573a17ccf4c718981a3e
openssh-client-3.1p1-14.idp2.i386.rpm 36c02ddb5267ac17aff907e906bbeffe
openssh-server-3.1p1-14.idp2.i386.rpm f20f558aa7c9aa20fea6cdeccbc11c5f

a. Copy the RPM packages to the /tmp directory on the IDP appliance.

b. Login to the IDP as the root user using the serial interface, or directly on the appliance (keyboard/monitor).

c. Upgrade the RPM packages by typing the following as the root user:

$ rpm -Uvh --force /tmp/openssh*3.1p1-14.idp2.i386.rpm

Option 2: Do not use scp command on the IDP. Use scp client on remote host to push files to the IDP.

Option 3: Do not use scp command to connect to an untrusted OpenSSH server.

Option 4: Use sftp as an alternative to scp for files download.

Vendor URL:  www.juniper.net/support/security/alerts/adv59739.txt (Links to External Site)
Cause:   Access control error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC