Vulnerability-Lookup

CERTA-2006-AVI-005

Vulnerability from certfr_avis - Published: 2006-01-04 - Updated: 2006-01-04

Une vulnérabilité dans NetScreen Security Manager 2004 permet à un utilisateur mal intentionné d'effectuer un déni de service à distance sur cette fonctionnalité.

Description

Une vulnérabilité a été découverte dans les processus guiSrv (accessible par le port 7800/tcp) et devSrv (port 7801/tcp) du NetScreen Security Manager 2004 (NSM 2004). Cette vulnérabilité peut être exploitée afin de provoquer un déni de service sur le NSM 2004.

Par défaut, le service se relance de lui-même grâce à un service de surveillance du système.

Solution

L'éditeur a publié une mise à jour : NSM FP4r1, aussi connu sous le nom de 2005.1.

Juniper NetScreen Security Manager (NSM) 2004 FP2 et FP3.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Changement de version du NSM2004	None	vendor-advisory
Site de l'éditeur :	-	other
Page du support du NetScreen Security Manager :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eJuniper NetScreen Security Manager  (NSM) 2004 FP2 et FP3.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les processus guiSrv (accessible\npar le port 7800/tcp) et devSrv (port 7801/tcp) du NetScreen Security\nManager 2004 (NSM 2004). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e afin de\nprovoquer un d\u00e9ni de service sur le NSM 2004.\n\nPar d\u00e9faut, le service se relance de lui-m\u00eame gr\u00e2ce \u00e0 un service de\nsurveillance du syst\u00e8me.\n\n## Solution\n\nL\u0027\u00e9diteur a publi\u00e9 une mise \u00e0 jour : NSM FP4r1, aussi connu sous le nom\nde 2005.1.\n",
  "cves": [],
  "initial_release_date": "2006-01-04T00:00:00",
  "last_revision_date": "2006-01-04T00:00:00",
  "links": [
    {
      "title": "Site de l\u0027\u00e9diteur :",
      "url": "http://www.juniper.net"
    },
    {
      "title": "Page du support du NetScreen Security Manager :",
      "url": "http://www.juniper.net/customers/support/products/nsm.jsp"
    }
  ],
  "reference": "CERTA-2006-AVI-005",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-01-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans NetScreen Security Manager 2004 permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027effectuer un d\u00e9ni de service \u00e0 distance\nsur cette fonctionnalit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Juniper NetScreen Security Manager 2004",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Changement de version du NSM2004",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted