| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1135727445.43b1d3554faeb@webmail.kyxar.fr> Date: Tue Dec 27 23:38:07 2005 From: david.maciejak at kyxar.fr (David Maciejak) Subject: Juniper NSM remote Denial Of Service Juniper NSM remote Denial Of Service "NetScreen-Security Manager is a software that enables you to integrate and centralize management of your Juniper Networks NetScreen security environment." More information can be found on http://www.juniper.net/customers/support/products/nsm.jsp Description: Malicious user can cause a remote denial of service on guiSrv(port 7800) and devSrv(port 7801) by sending specially crafted and long strings. NSM 2004 FP2 and FP3 are known to be vulnerable. By default, a watchdog service is installed with NSM. It is able to restart automatically dead services (the test is about every 5 min). Proof of Concept: I am not intent to publicly disclose the PoC. Workaround: Upgrade at least to NSM FP4r1 also known as 2005.1 Thanks to quick responses from Juniper Security Team. David Maciejak -------------------------------------------------------------------------------- KYXAR.FR - Mail envoy? depuis http://webmail.kyxar.fr
Powered by blists - more mailing lists