Knowledge Search


×
 

Remote crash of ScreenOS via the SSHv1 service

  [JSA10339] Show Article Properties


Legacy Advisory Id:
PSN-2004-08-003
Product Affected:
Juniper Networks NetScreen firewalls with SSHv1 enabled
Problem:
On Juniper Networks NetScreen firewalls, the SSHv1 service implementation has an error which allows an attacker to crash ScreenOS.

A malicious person who can connect to the SSHv1 service on a Juniper Networks Netscreen firewall can crash the device prior to being authenticated. Upon execution of the attack, the firewall will reboot or hang, which will prevent traffic from flowing through the device.

Solution:
The SSHv1 code has been updated to eliminate the vulnerability.
Implementation:
Customers have a number of choices to mitigate the attack:
  1. Upgrade the firewall to one of the following versions of ScreenOS:
    VersionAvailability
    5.0.0r8Now
    5.0.0r8.1Now
    4.0.0r13Now
    4.0.1r11Now
    4.0.3r8Now
    4.0.1-Dial2r5Now
    4.0.1-SBRr5Now
    4.0.1-IGMP3r4Now
    4.0.1-MCASTr2Now
    3.0.3r9Now
  2. Disable SSHv1 and manage the device through other means (such as HTTPS).
  3. Configure the firewall to only accept connections from trusted IP addresses. Additionally, enabling IP Spoof protection will add an additional layer of security.
Related Links:
Risk Level:
High
Risk Assessment:
The vulnerability requires a valid TCP connection to the SSH service on the firewall which may mitigate some risk. However, the attack does not require an authenticated session.