Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Is ScreenOS vulnerable to CVE-2004-0230, Bugtraq ID: 10183, or NISCC 236929?

0

0

Article ID: KB13270 KB Last Updated: 27 Aug 2018Version: 3.0
Summary:

This article answers the question: "Is ScreenOS vulnerable to CVE-2004-0230, Bugtraq 10183, or NISCC 236929?" and indicates the ScreenOS release in which this issue has been addressed.

 

Symptoms:

A third party security scan has flagged a possible security vulnerability with the firewall device. This is reported as:

  • CVE-2004-0230

  • Bugtraq ID: 10183

  • NISCC Advisory Number 236929

 

Solution:

This issue has been addressed in ScreenOS 5.0.0r6 and later.

In response to the NISCC VULN 236929, a new command has been implemented in this release. The command is:

set/unset flow check tcp-rst-sequence

By default, the command is not set. This command alters the device’s response to potentially spoofed TCP RST packets.

For more details on the Juniper response to this, see JSA10319 - TCP protocol vulnerable to spoofed packets (NISCC/TCP/236929).

 

Modification History:

2018-08-27: Link to Juniper response updated in the Solution section

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search