NetScreen ScreenOS TCP Window DoS

2003-07-30T14:53:21
ID OSVDB:2346
Type osvdb
Reporter OSVDB
Modified 2003-07-30T14:53:21

Description

Vulnerability Description

NetScreen ScreenOS contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a specially crafted packet with certain TCP Window options set, and will result in loss of availability for the platform.

Technical Description

This issue affects Telnet and WebUI (HTTP/HTTPS) management, as well as WebAuth authentication service (HTTP/HTTPS).

Solution Description

Upgrade to version 4.0.1r7, 4.0.3r3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

NetScreen ScreenOS contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a specially crafted packet with certain TCP Window options set, and will result in loss of availability for the platform.

References:

Vendor URL: http://www.netscreen.com Vendor Specific Solution URL: http://www.netscreen.com/services/download_soft/ Vendor Specific Advisory URL Secunia Advisory ID:9404 Keyword: NetScreen Advisory 57739