254 matches found
03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
TITLE: 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance SUMMARY Cross Site Scripting bug in the 'delhomepage.cgi' CGI binary in the NetScreen-SA 5000 Series SSL VPN appliance. DETAILS There exists a cross-site scripting bug in 'row' parameter of the 'delhomepage.cgi' CGI binary...
NetScreen-Security Manager fails to encrypt communications with managed devices
Overview A vulnerability in the NetScreen-Security Manager software could expose sensitive information in cleartext over the network. Description NetScreen Technologies' NetScreen-Security Manager provides centralized management for control of device configuration, network settings and security...
CVE-2004-1766
The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing...
NetScreen Security Advisory 57739
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: NetScreen Advisory 57739 Date: 30 July 2003 Impact: Potential Denial of Service of Security Device Affected Products: NetScreen Firewall/VPN products running ScreenOS 4.0.1r1 through 4.0.1r6 and 4.0.3r1 and 4.0.3r2 Unaffected Products: NetScree...
NetScreen DoS
DoS on incorrect TCP options...
NetScreen ScreenOS 4.0.1/4.0.3 - TCP Window Size Remote Denial of Service
source: https://www.securityfocus.com/bid/8302/info NetScreen ScreenOS has been reported prone to a vulnerability that may allow a remote user to trigger a denial of service condition in an affected appliance. It has been reported that by modifying system configuration values that control the TCP...
NetScreen ScreenOS 4.0.1/4.0.3 - TCP Window Size Remote Denial of Service
NetScreen ScreenOS 4.0.1/4.0.3 - TCP Window Size Remote Denial of Service source: https://www.securityfocus.com/bid/8302/info NetScreen ScreenOS has been reported prone to a vulnerability that may allow a remote user to trigger a denial of service condition in an affected appliance. It has been...
CVE-2002-0891
The CVE-2002-0891 issue affects NetScreen ScreenOS WebUI (pre-2.6.1r8 and certain 2.8.x/3.0.x builds before 3.0.3r1). The vulnerability allows remote attackers to trigger a denial-of-service (crash) by sending a long user name to the WebUI. Impact is limited to availability (PARTIAL) as per the N...
CVE-2002-0891
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name...
CVE-2002-1547
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144...
CVE-2002-2223
Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload...
CVE-2002-2234
NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests...
CVE-2002-2266
NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeeting traffic, allows remote attackers to cause a denial of service (firewall session table consumption) by establishing multiple half-open H.323 sessions, which are not cleaned up on garbage removal and do not time out for 36 hours...
Netscreen Malicious URL feature can be bypassed by fragmenting the request
Netscreen Malicious URL feature can be bypassed by fragmenting the request http://www.cirt.net/advisories/netscreen.shtml Product Description: NetScreen Technologies Inc. is a leading developer of integrated network security solutions that offer the security, performance and total cost of ownersh...
NetScreen multiple bugs
Predictable TCP initial sequence numbers, DoS...
NetScreen Secure Command Shell (SCS) denial-of-service vulnerability
Overview The Secure Command Shell service on NetScreen firewall products contains a remotely exploitable denial-of-service vulnerability. Description Firewall products from NetScreen Technologies, Inc. include a Secure Shell version 1 (SSHv1) implementation called Secure Command Shell (SCS). The SCS...
Netscreen SSH1 CRC32 Compensation Denial of service
Discovered by: HD Moore Products Tested: Netscreen-25 All models expected to be vulnerable Vendor contacted: October 23rd Vendor confirmed: October 23rd CVE: CVE-2001-0144 covered this bug. Original Bug discovered by: Michal Zalewski of the BindView RAZOR Team. In February of 2001, BindView's RAZ...
CVE-2002-0234
NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections...
Netscreen 25 unauthorised reboot issue
Please note that this advisory was prepared, before speaking to Netscreen's US operation. Nothing of this vulnerability has been discussed here or on vun-dev hence this email. Additionally it is not shown on netscreen's security alerts page http://www.netscreen.com/support/alert.html as of...