Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

(Correction) Netscreen SSH1 CRC32 Compensation Denial of service
From: Erik Parker <erik.parker () digitaldefense net>
Date: Fri, 1 Nov 2002 12:58:45 -0600 (CST)

There is a major correction to this data. Netscreen contacted me a couple 
of minutes after posting this.  When they confirmed it was vulnerable to 
CRC32, it appears they were actually confirming there was a 'problem', and 
not the actual CRC32 bug. 

This DoS is unrelated to the CRC32 bug, however the CRC32 exploit is 
capable of causing the DoS. 

As a temporary solution until Netscreen can release a new ScreenOS, you 
could disable SSH if this is a viable option for you.

So, it would appear Netscreen did NOT miss the CRC32 bugs that came out, 
and it's just a new one. 

It would appear Netscreen's lack of response was due to improper handling 
of the notifications and E-mails, combined with them moving offices over 
the past couple of weeks. product-sec-alert () netscreen com seems to get you 
to the right place, at the right time.

  By Date           By Thread  

Current thread:
  • (Correction) Netscreen SSH1 CRC32 Compensation Denial of service Erik Parker (Nov 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]