By simply requesting the about.html file, the firewall returns the ScreenOS version, patch level and feature set in use.
No authentication is needed to retrieve this information from the firewall's OS. It is common to find ScreenOS WebUI firewall management front-ends exposed on the Internet; attackers might use the disclosed information to carry out targeted attacks, knowing the version and patch level of the firmware in use.
Successfully tested on:
Juniper Networks SSG 320 ScreenOS Version: 6.2.0r1.0
Juniper Networks NetScreen SSG 520 ScreenOS Version: 6.1.0r1.0
Juniper Networks NetScreen 208 ScreenOS Version: 5.4.0r10.0
Proof of concept:
PR07-41: XSS on Juniper Networks Secure Access 2000
Vulnerability found: 6th December 2007
Vendor informed: 12th December 2007
Severity: Medium-high
Description:
PR07-42: Webroot disclosure on Juniper Networks Secure Access 2000
Vulnerability found: 6th December 2007
Vendor informed: 12th December 2007
Severity: Low
Description:
*Juniper SRX Critical Denial of Service Vulnerability*
*Overview*
According to Google Finance: /Juniper Networks, Inc. designs, develops
and sells products and services that together provide its customers
with network infrastructure that creates responsive and trusted
environments for accelerating the deployment of services and
applications over a single network. The Company serves the networking
requirements of global service providers, enterprises and public
interface without authentication, that a vanilla cross site scripting
(XSS) attack is possible.
Successfully tested on:
Juniper Networks IVE version 6.5R1 (Build 14599)
Model SA-2000
Proof of concept:
IVE Web interface, that vanilla cross site scripting (XSS) attacks are
possible.
Successfully tested on:
Juniper Networks IVE
version 6.5R1 (Build 14599)
version 6.5R2 (Build 14951)
Model SA-2000
Jim
--
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821
remote denial of service. By sending a malformed request, IIS
might shut down. IIS 6.0 restarts automatically. However, IIS 5.0
does not restart automatically when its Startup Type is set to
Manual.
VMware would like to thank the Juniper Networks J-Security
Security Research Team for reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2008-3697 to this issue.