Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Juniper NSM remote Denial Of Service

from [David Maciejak] Network Security [Permanent Link]
Subject: [Full-disclosure] Juniper NSM remote Denial Of Service
Date: Wed, 28 Dec 2005 00:50:45 +0100 

Juniper NSM remote Denial Of Service

"NetScreen-Security Manager is a software that enables you to integrate and
centralize management of your Juniper Networks NetScreen security environment."

More information can be found on
http://www.juniper.net/customers/support/products/nsm.jsp


Description:

Malicious user can cause a remote denial of service on
guiSrv(port 7800) and devSrv(port 7801) by sending specially
crafted and long strings.

NSM 2004 FP2 and FP3 are known to be vulnerable.

By default, a watchdog service is installed with NSM. 
It is able to restart automatically dead services
(the test is about every 5 min).


Proof of Concept:

I am not intent to publicly disclose the PoC.


Workaround:

Upgrade at least to NSM FP4r1 also known as 2005.1


Thanks to quick responses from Juniper Security Team.

David Maciejak



--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Juniper NSM remote Denial Of Service, David Maciejak <=
Previous by Date:  [Full-disclosure] bug in oscomerce, zeus olimpusklan
Next by Date:  Is this a new exploit?, noemailpls
Previous by Thread:  [Full-disclosure] bug in oscomerce, zeus olimpusklan
Next by Thread:  Is this a new exploit?, noemailpls
Indexes:  [Date] [Thread] [Top] [All Lists]