NetScreen ScreenOS 2.6 Subject to Trust Interface DoS

Type securityvulns
Reporter Securityvulns
Modified 2002-02-02T00:00:00


Problem: NetScreen ScreenOS 2.6.1 subject to Trust Interface DoS Attack

Company Info: NetScreen Technologies are the manufacturers of some of the industry's highest quality VPN and firewall equipment. For more information please see

What's affected: The ScreenOS is the heart of the NetScreen products. This allows for the firewall configuration/management. Apparently all versions before ScreenOS 3.1 are affected. This vulnerability can only occur from within the "trusted" network, or from a machine connected to the "trust" interface. External attempts will not cause any problems/DoS.

Exploit: Someone within the trusted side of the network can attempt a portscan on an external IP address. When the scan runs it appears to consume all of the available sessions. This, in turn, causes a DoS to the entire trusted interface. The only way I got my device to recover quickly was to perform a reset. A recovery might be possible without a reset, but after about 5 minutes of waiting, mine never recovered. This exploit may or may not work on your device. My testing was performed on a NetScreen 5. The higher-end, pricier models may take longer to "eat up" all the available sessions, thus taking longer for a DoS to occur.

I have contacted NetScreen in regards to the issue. I received a response back that the problem is a known issue. It has been addressed in ScreenOS 3.1. An update to ScreenOS 3.1 is available for anyone with a NetScreen 200 or 500. For all other models, the update to ScreenOS 3.1 will be available on April 1, 2002.

I'd love to hear if anyone else has noticed this, or if other models are affected by this issue.


Chris Lathem
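
Added example, not part of the original advisory: a detection sketch for the condition described above, where one trusted-side host holds most of the firewall's session table while fanning out across many ports on a single external address. The record layout, IP addresses, table size of 2000 and both thresholds are assumptions made up for illustration; the advisory gives no session-table capacity or log format.

```python
from collections import defaultdict

def find_session_hogs(events, table_size, share=0.5, min_ports=100):
    """Replay open/close events and report trusted-side sources whose peak
    concurrent sessions reach `share` of the session table while fanning
    out across at least `min_ports` ports on a single destination."""
    live = defaultdict(set)    # src -> currently open (dst, port) pairs
    peak = defaultdict(int)    # src -> highest concurrent count seen
    ports = defaultdict(set)   # (src, dst) -> distinct ports touched
    for _ts, src, dst, port, action in sorted(events):
        if action == "open":
            live[src].add((dst, port))
            ports[(src, dst)].add(port)
            peak[src] = max(peak[src], len(live[src]))
        elif action == "close":
            live[src].discard((dst, port))
    hogs = []
    for src, top in peak.items():
        # Destination on which this source touched the most distinct ports.
        widest_dst, widest = max(
            ((d, len(p)) for (s, d), p in ports.items() if s == src),
            key=lambda item: item[1])
        if top >= share * table_size and widest >= min_ports:
            hogs.append({"src": src, "peak_sessions": top,
                         "table_share": round(top / table_size, 2),
                         "dst": widest_dst, "ports": widest})
    return sorted(hogs, key=lambda h: -h["peak_sessions"])

def constructed_events():
    """Constructed sample data (hypothetical layout, not a ScreenOS log)."""
    events = []
    # Ordinary client: five short-lived HTTPS sessions, each one closed.
    for i in range(5):
        events.append((i * 10, "10.0.0.20", "198.51.100.7", 443, "open"))
        events.append((i * 10 + 2, "10.0.0.20", "198.51.100.7", 443, "close"))
    # Scanning host: 1500 ports on one external address, none closed,
    # so every probe keeps holding a session slot.
    for port in range(1, 1501):
        events.append((20 + port * 0.01, "10.0.0.50", "203.0.113.9", port, "open"))
    return events

if __name__ == "__main__":
    for hog in find_session_hogs(constructed_events(), table_size=2000):
        print(hog)
```

Set `table_size` to the session capacity of the device being monitored; the per-source share is what separates one host exhausting the table from ordinary aggregate load.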