NetScreen-25 remote SSH request denial of service

netscreen-ssh-dos (10528)

Low Risk

Description:

NetScreen-25 and possibly other NetScreen security devices with the SSH (Secure Shell) management port enabled, are vulnerable to a denial of service attack. A remote attacker could send a malformed request to the SSH management port on the NetScreen device to cause the device to crash. This vulnerability could also be triggered using the "SSH CRC32" remote exploit.

For more information on the "SSH CRC32" vulnerability, refer to Internet Security Systems Security Alert, October 30, 2001. See References.

Platforms Affected:

• Juniper, NetScreen ScreenOS 4.0.0
• Juniper, NetScreen ScreenOS 4.0.0r1
• Juniper, NetScreen ScreenOS 4.0.0r2
• Juniper, NetScreen ScreenOS 4.0.0r3
• Juniper, NetScreen ScreenOS 4.0.0r4
• Juniper, NetScreen ScreenOS 4.0.0r5
• Juniper, NetScreen ScreenOS 4.0.0r6

Remedy:

Upgrade to the latest version of ScreenOS (4.0.0r6 or later), available from the NetScreen Web site. See References.

As a workaround, disable the SSH remote management port.

Consequences:

Denial of Service

References:

• BugTraq Mailing List, Fri Nov 01 2002 - 12:30:39 CST , Netscreen SSH1 CRC32 Compensation Denial of service at http://archives.neohapsis.com/archives/bugtraq/2002-10/0443.html.
• BugTraq Mailing List, Fri Nov 01 2002 - 12:58:45 CST , (Correction) Netscreen SSH1 CRC32 Compensation Denial of service at http://archives.neohapsis.com/archives/bugtraq/2002-10/0446.html.
• Internet Security Systems Security Alert, October 30, 2001, Widespread Exploitation of SSH CRC32 Compensation Attack at http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20300.
• NetScreen Web site, NetScreen - Software Updates at http://www.netscreen.com/support/updates.html.
• CVE-2002-1547: Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.
• OSVDB ID: 4376: NetScreen ScreenOS SSH1 Remote Request DoS
• US-CERT VU#930161: NetScreen Secure Command Shell (SCS) denial-of-service vulnerability

Reported:

Nov 01, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page