| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1135727445.43b1d3554faeb@webmail.kyxar.fr> Date: Wed, 28 Dec 2005 00:50:45 +0100 From: David Maciejak <david.maciejak@...ar.fr> To: full-disclosure@...ts.grok.org.uk Cc: bugtraq@...urityfocus.com Subject: Juniper NSM remote Denial Of Service Juniper NSM remote Denial Of Service "NetScreen-Security Manager is a software that enables you to integrate and centralize management of your Juniper Networks NetScreen security environment." More information can be found on http://www.juniper.net/customers/support/products/nsm.jsp Description: Malicious user can cause a remote denial of service on guiSrv(port 7800) and devSrv(port 7801) by sending specially crafted and long strings. NSM 2004 FP2 and FP3 are known to be vulnerable. By default, a watchdog service is installed with NSM. It is able to restart automatically dead services (the test is about every 5 min). Proof of Concept: I am not intent to publicly disclose the PoC. Workaround: Upgrade at least to NSM FP4r1 also known as 2005.1 Thanks to quick responses from Juniper Security Team. David Maciejak -------------------------------------------------------------------------------- KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists