Juniper NSM remote Denial Of Service

"NetScreen-Security Manager is a software that enables you to integrate and centralize management of your Juniper Networks NetScreen security environment."

More information can be found on http://www.juniper.net/customers/support/products/nsm.jsp

Description:
A malicious user can cause a remote denial of service on guiSrv (port 7800) and devSrv (port 7801) by sending specially crafted, long strings.
NSM 2004 FP2 and FP3 are known to be vulnerable.
By default, a watchdog service is installed with NSM. It can automatically restart dead services (the check runs about every 5 minutes).

Proof of Concept:
I do not intend to publicly disclose the PoC.

Workaround:
Upgrade to at least NSM FP4r1, also known as 2005.1.

Thanks to the Juniper Security Team for their quick responses.

David Maciejak