procheckup logo
sidebar_boxes_image

Contact Us

Find out more information about ProCheckUp click here.


sidebar_boxes_image

Services

Find out more about ProCheckUp services here.


sidebar_boxes_image

Events

  • PCI DSS User Group meeting

    Neira Jones will be speaking on Barclaycards current approach to PCI and offering advice and guidance to merchants.

Click here to see more events.

Vulnerabilities 2009


PR09-05 ScreenOS remote information disclosure on Juniper Netscreen ScreenOS Firewalls


  • Advisory publicly released: Friday, 24 April 2009
  • Vulnerability found: Sunday, 22 March 2009
  • Vendor informed: Sunday, 22 March 2009
  • Severity level: Low
  • Credits
    Richard Brain of ProCheckUp Ltd (www.procheckup.com).
    Loren Weith with CentraComm Communications, Ltd.
  • Description
    By simply requesting the about.html file, the firewall returns the version of ScreenOS and patch level used and the feature set.
    No authentication is needed to retrieve this information on the firewall's OS. It is common to find exposed ScreenOS WebUI firewall management front-ends on the Internet, attackers might use the exposed information to carry out targeted attacks knowing the version and patch level of the fir
  • Proof of concept
    http://target-domain.foo/about.html
    https://target-domain.foo/about.html


    Returns

    Juniper Networks, Inc.

    Version: 6.2.0r1.0 (Firewall+VPN)

    ScreenOS WebUI
    Copyright © 1997-2008 Juniper Networks, Inc.
    All Rights Reserved.


    For the latest technical information visit:
    http://www.juniper.net
  • How to fix
    Ensure that the firewall's management interface is disabled on the Internet connected interface, by disabling WeBUI within service options on the Internet connected interface.

    Juniper Networks have released the 6.2.0r2.0, 6.2R2 and 5.4.0r12 software updates on the 8th April 2009 which solves the issue.
  • Successfully tested on
    Juniper Networks SSG 320 ScreenOS Version: 6.2.0r1.0
    Juniper Networks netscreen SSG 520 ScreenOS Version:6.1.0r1.0
    Juniper Networks netscreen 208 ScreenOS Version: 5.4.0r10.0
  • Consecuences
    A remote attacker could recover information with regards to the target site's operating system version and patch level.
    This kind of information might be useful to attackers in certain scenarios. i.e.: when attempting to exploit published vulnerabilities in a outdated version of ScreenOS.
  • Vendor feedback
    Juniper stated that no security advisory is needed to be released due to the low CVSS score of the vulnerability, and Juniper knew of the issue already.

    Procheckup found this issue affected different Juniper firewall firmware, going back to at least 2006.
  • References


    http://www.procheckup.com/vulnerability_manager


    http://www.juniper.net/us/en/products-services/security/ssg-series/


  • Legal
    Copyright 2009 Procheckup Ltd. All rights reserved.

    Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes.

    Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.