[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 408/04 - **** - ************



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 408/04 dated 05.08.04  Time: 14:45 
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Juniper Networks NetScreen Advisory 59147 - Remote crash of ScreenOS via the SSHv1 service


Detail
====== 

A malicious person who can connect to the SSHv1 service on a Juniper Networks Netscreen 
firewall can crash the device before having to authenticate.  Upon execution of the attack, 
the firewall will reboot or hang, which will prevent traffic to flow through the device.





- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             

        ESB-2004.0484 -- Juniper Networks NetScreen Advisory 59147
              Remote crash of ScreenOS via the SSHv1 service
                              05 August 2004

===========================================================================

        

Product:                NetScreen firewalls with SSHv1 enabled
Publisher:              Juniper Networks
Impact:                 Denial of Service
Access Required:        Remote

Comment: Juniper Networks NetScreen firewalls with SSH disabled or SSHv2
         enabled are unaffected.

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: Juniper Networks NetScreen Advisory 59147
Date: 3 August 2004
Version: 1


Impact:
Remote crash of ScreenOS via the SSHv1 service


Affected Products:
    Juniper Networks NetScreen firewalls with SSHv1 enabled


Unaffected Products:
    Juniper Networks NetScreen firewalls with SSH disabled or SSHv2 enabled


Max Risk: High


Summary:
The Juniper Networks NetScreen firewall SSHv1 service implementation has a bug which 
allows an attacker to crash ScreenOS.


Details:
A malicious person who can connect to the SSHv1 service on a Juniper Networks Netscreen 
firewall can crash the device before having to authenticate.  Upon execution of the attack, 
the firewall will reboot or hang, which will prevent traffic to flow through the device.


Recommended Actions:
Customers have a number of choices to mitigate the attack:

Option 1:  Upgrade the firewall to one of the following versions of
ScreenOS:

Version                 Availability 
5.0.0r8                     Now
5.0.0r8.1                   Now
4.0.0r13                    Now
4.0.1r11                    Now
4.0.3r8                     Now
4.0.1-Dial2r5               Now
4.0.1-SBRr5                 Now
4.0.1-IGMP3r4               Now
4.0.1-MCASTr2               Now
3.0.3r9                     Now 

Option 2:  Disable SSHv1 and manage the device through other means (such as HTTPS).

Option 3:  Configure the firewall to only accept connections from trusted IP addresses.  
Additionally, enabling IP Spoof protection will add an additional layer of security.


Patch Availability:
Juniper Networks currently has updated versions of ScreenOS available for immediate download.


How to get ScreenOS:
Customers with a valid product warranty or a support contract may download the software 
from the Juniper Networks CSC web portal: http://www.juniper.net/support/

For all other customers, including those with expired support contracts, please call your 
regional Juniper Networks TAC (JTAC) center.  To get a listing of JTAC phone numbers, 
please sign up for a CSC account at: http://www.juniper.net/entitlement/setupAccountInfo.do

Select option 2 from the telephone menu and be sure to select the correct product from the 
phone tree.  Once connected with an engineer state that you are calling in regards to a 
Security Advisory and provide the title of this notice as evidence of your entitlement 
to the specified release.

Please note that customers with expired support contracts will be provided only with the 
software update for the version of software that they are currently using, when that 
version becomes available.

As with any new software installation, Juniper Networks customers planning to upgrade 
to any version of ScreenOS should carefully read the release notes and other relevant 
documentation before beginning any upgrade.


Juniper Networks would like to thank Mark Ellzey Thomas of NaviSite for discovering 
this issue and working with us.


If you wish to verify the validity of this Security Advisory, the public PGP key can 
be accessed at: http://www.juniper.net/support/security/
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Juniper NetScreen Security Response Team <security-alert@xxxxxxxxxxx>

iD8DBQFBD/UuW2Bw6QjqXRcRAlbgAJ0aIrji2u80xRJvPXhYpakdpCNZTwCdEZgs
VF13cW6F3qfOE7hwdsDw6Lo=
=Ebjo
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQRF1XSh9+71yA2DNAQJ63gP+OwrObT7qDEk6E3bQpf1tfvIOvd1sd1Ca
eiDAsKHXk4Z/WlacZploOpv0F/ifjZxtxn0/rQlHBK1KqZGnEnAeZZRS8G5jUhuN
IJhc8tDtRySOGVaDpTnKILcP8hBSWYhCPSsELG3VuVy108CCEZ9GvJpzesKHDoKq
6cR09/IH7nc=
=5f9P
- -----END PGP SIGNATURE-----
- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Juniper Networks for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQRI5Wopao72zK539AQFBjAQAgHSkm1Ek7S/QYkHZly13Oo+FGiz+mjjX
aooZb9Qc3+EmDKlbuZRXGt/GIy6RZrq+tlmO8j30uzQz8zbl0IrFjez9QeHl13AB
y3ZCa+lK0ovUF/BIcZl6Oxt+05dwQvbqd6bgLxuYtZfxbwwKOXtIyfQWjnEMAKOd
CXKFwDztl6A=
=2H8E
-----END PGP SIGNATURE-----