lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <0FD9D979B9535D4890AE309799B6D1E55C5D13@lansingemail.seqnt.com> From: mlachniet at sequoianet.com (Lachniet, Mark) Subject: 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance TITLE: 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance SUMMARY Cross Site Scripting bug in the 'delhomepage.cgi' CGI binary in the Netscreen NetScreen-SA 5000 Series SSL VPN appliance. DETAILS There exists a cross-site scripting bug in 'row' parameter of the 'delhomepage.cgi' CGI binary. This bug was discovered on an appliance known as an "A5030-Clustered pair" running firmware version 3.3 Patch 1 (build 4797). The vulnerability may exist in other versions. This issue may result in the theft of credentials such as session cookies, allow hostile client-side scripts to run with unintended access privileges, or provide a means for a "phishing" attack. For more detailed descriptions of Cross Site Scripting and its implications, please refer to whitepapers such as: http://www.cgisecurity.com/articles/xss-faq.shtml <http://www.cgisecurity.com/articles/xss-faq.shtml> http://www.spidynamics.com/whitepapers/SPIcross-sitescripting.pdf <http://www.spidynamics.com/whitepapers/SPIcross-sitescripting.pdf> The 'delhomepage.cgi' is accessible only by authenticated users. WORKAROUND Upgrade to the patched version of IVE software. Contact Netscreen support for details. ORIGINATOR The issue was discovered by Mark Lachniet of Analysts International [lachniet -=at=- analysts.com] during a security analysis of the web application interface of the device. Analysts International's security team provides a variety of security services and can be reached at [SecurityServices -=at=- analysts.com]. MAINTAINER The maintainer of the Netscreen IVE SSL VPN Appliance is the Netscreen Corporation [http://www.netscreen.com]. The following information about security at Netscreen is taken from the Security Center web page at: http://www.netscreen.com/services/security/index.jsp <http://www.netscreen.com/services/security/index.jsp> "Please report any potential or real instances of a security vulnerability (with any NetScreen product or service) to the NetScreen Security Alert Team at security@...screen.com <mailto:security@...screen.com> . For immediate assistance, TAC is available 24 hours a day by calling 1-877-NETSCREEN." VENDOR RESPONSE In the opinion of the author, the Netscreen corporation responded quickly and efficiently to this issue, and clearly takes the security of their prodcuts seriously. Netscreen should be commended for their prompt and professional handling of the issue. DATE OF CONTACT 2/6/2004 - Sent E-Mail to Sriram Ramachandran [SRamachandran -=at=- netscreen.com] and received response. Immediately discussed issue via. conference call. The bug was confirmed by the Netscreen staff. 2/7/2004 - Draft advisory sent to Netscreen support staff 2/9/2004 - Ongoing dialog with Netscreen on issue 2/11/2004 - Ongoing dialog with Netscreen on issue 2/18/2004 - Ongoing dialog with Netscreen on issue 2/23/2004 - Ongoing dialog with Netscreen on issue 2/25/2004 - Advisory updated based on vendor response 3/02/2004 - Final advisory released -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040302/adb9f42b/attachment.html
Powered by blists - more mailing lists