Details of VAR-200512-0724

ID

VAR-200512-0724

CVE

CVE-2005-4587

TITLE

Juniper NetScreen-Security Manager Remote Denial of Service Vulnerability

Trust: 0.9

sources: BID: 16075 // CNNVD: CNNVD-200512-625

DESCRIPTION

Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port). Juniper NSM is prone to a remote denial of service vulnerability. A remote attacker may trigger a crash or hang in the server and deny service to legitimate users. It should be noted that the application ships with a watchdog service that periodically restarts the services. NSM 2004 FP2 and FP3 are reportedly vulnerable. NetScreen-Security Manager (NSM) is a security management platform that provides management and monitoring of devices, networks, and security configurations and policies. TITLE: Juniper NetScreen Security Manager Potential Denial of Service SECUNIA ADVISORY ID: SA18232 VERIFY ADVISORY: http://secunia.com/advisories/18232/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: NetScreen-Security Manager (NSM) 2004 http://secunia.com/product/2843/ DESCRIPTION: David Maciejak has reported a vulnerability in NetScreen Security Manager (NSM) which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in "guiSrv" and "devSrv". This can be exploited to crash the service via specially crafted input sent to port 7800 and 7801. The vulnerability has been reported in NSM 2004 FP2 and FP3. Other versions may also be affected. SOLUTION: Update to version FP4r1 (2005.1). PROVIDED AND/OR DISCOVERED BY: David Maciejak ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-4587 // BID: 16075 // VULHUB: VHN-15795 // PACKETSTORM: 42688

AFFECTED PRODUCTS

vendor:	juniper	model:	netscreen-security manager 2004	scope:	eq	version:	*	Trust: 1.0
vendor:	juniper	model:	netscreen-security manager 2004	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	netscreen-security manager fp3	scope:	eq	version:	2004	Trust: 0.3
vendor:	juniper	model:	netscreen-security manager fp2	scope:	eq	version:	2004	Trust: 0.3
vendor:	juniper	model:	netscreen-security manager	scope:	ne	version:	2005.1	Trust: 0.3

sources: BID: 16075 // CNNVD: CNNVD-200512-625 // NVD: CVE-2005-4587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-4587
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200512-625
value:	HIGH
Trust: 0.6
VULHUB:	VHN-15795
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-4587
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-15795
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-15795 // CNNVD: CNNVD-200512-625 // NVD: CVE-2005-4587

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4587

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-625

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200512-625

EXTERNAL IDS

db:	BID	id:	16075	Trust: 2.0
db:	SECUNIA	id:	18232	Trust: 1.8
db:	SECTRACK	id:	1015417	Trust: 1.7
db:	OSVDB	id:	22047	Trust: 1.7
db:	NVD	id:	CVE-2005-4587	Trust: 1.7
db:	CNNVD	id:	CNNVD-200512-625	Trust: 0.7
db:	FULLDISC	id:	20051227 JUNIPER NSM REMOTE DENIAL OF SERVICE	Trust: 0.6
db:	VULHUB	id:	VHN-15795	Trust: 0.1
db:	PACKETSTORM	id:	42688	Trust: 0.1

sources: VULHUB: VHN-15795 // BID: 16075 // PACKETSTORM: 42688 // CNNVD: CNNVD-200512-625 // NVD: CVE-2005-4587

REFERENCES

url:	http://www.securityfocus.com/bid/16075	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1281.html	Trust: 1.7
url:	http://www.osvdb.org/22047	Trust: 1.7
url:	http://securitytracker.com/id?1015417	Trust: 1.7
url:	http://secunia.com/advisories/18232	Trust: 1.7
url:	http://www.juniper.net/customers/support/products/nsm.jsp	Trust: 0.3
url:	http://www.juniper.net/support/security/alerts/psn-2006-01-005.txt	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/18232/	Trust: 0.1
url:	http://secunia.com/product/2843/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-15795 // BID: 16075 // PACKETSTORM: 42688 // CNNVD: CNNVD-200512-625 // NVD: CVE-2005-4587

CREDITS

David Maciejak david.maciejak@kyxar.fr

Trust: 0.6

sources: CNNVD: CNNVD-200512-625

SOURCES

db:	VULHUB	id:	VHN-15795
db:	BID	id:	16075
db:	PACKETSTORM	id:	42688
db:	CNNVD	id:	CNNVD-200512-625
db:	NVD	id:	CVE-2005-4587

LAST UPDATE DATE

2024-08-14T15:14:58.952000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-15795	date:	2008-09-05T00:00:00
db:	BID	id:	16075	date:	2006-02-07T20:54:00
db:	CNNVD	id:	CNNVD-200512-625	date:	2005-12-30T00:00:00
db:	NVD	id:	CVE-2005-4587	date:	2008-09-05T20:57:15.597

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-15795	date:	2005-12-30T00:00:00
db:	BID	id:	16075	date:	2005-12-28T00:00:00
db:	PACKETSTORM	id:	42688	date:	2005-12-31T02:14:35
db:	CNNVD	id:	CNNVD-200512-625	date:	2005-12-30T00:00:00
db:	NVD	id:	CVE-2005-4587	date:	2005-12-30T11:03:00