|
 |
|
NetScreen-Security Manager Communication Disclosure
|
|
|
|
|
Secunia Advisory:
|
SA10675
|
|
|
Release Date:
|
2004-01-20
|
|
Last Update:
|
2005-03-14
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | NetScreen-Security Manager (NSM) 2004
|
| | CVE reference: | CVE-2004-1766 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability has been reported in NetScreen-Security Manager, which can be exploited by malicious people to gain knowledge of sensitive information.
Communication between NetScreen-Security Manager and network devices running ScreenOS 5.0 is not encrypted by default. This may disclose configuration information to people, who are able to intercept the traffic.
The vulnerability affects NetScreen-Security Manager 2004.
Solution:
The vulnerability will be fixed in NetScreen-Security Manager 2004 Feature Pack 1.
The vendor recommends that one of the following two solutions are used in the meantime.
1) Add the following line in the "devSvr.cfg" file located in the "/usr/netscreen/DevSvr/var/" folder:
devSvrManager.cryptoKeyLength 128
Restart DevSvr services for the changes to take effect.
-- OR --
2) As root, run the script "addCryptoParam.sh", which is available at:
http://www.netscreen.com/cso
Restart DevSvr services for the changes to take effect.
Provided and/or discovered by:
Reported by vendor.
Changelog:
2004-01-23: Added CERT reference.
2005-03-14: Added CVE reference.
Original Advisory:
http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp
Other References:
CERT VU#927630
http://www.kb.cert.org/vuls/id/927630
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
1 Related Secunia Security Advisories
|
|
|
1. Juniper NetScreen Security Manager Potential Denial of Service
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
