Educause Security Discussion mailing list archives

Re: Juniper backdoor password now public (plus bonus Shodan .edu search)


From: Alex Keller <axkeller () STANFORD EDU>
Date: Mon, 21 Dec 2015 21:15:07 +0000

It's already achieved legendary status, in no small part because of the intense speculation it is NOBUS ('Nobody But 
Us') handiwork. This discovery comes at a time when current events have catalyzed a feeding frenzy by the proponents of 
"exceptional access" for National Security and LEOs.

Indeed the scope right now is specific versions of ScreenOS, but there is little doubt that 2016 will usher in deep 
dive code reviews for all the major network vendors.

The HD Moore (Rapid7/Metasploit) analysis is solid (link previously provided by Shawn Merdinger), here is another 
decent write-up on the emerging technical details:

https://www.imperialviolet.org/2015/12/19/juniper.html

Almost certainly this story will become curiouser and curiouser in the coming days and weeks.

Best,
Alex

Alex Keller
Stanford | Engineering
Information Technology
axkeller () stanford edu
(650)736-6421


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brian Helman
Sent: Monday, December 21, 2015 12:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Juniper backdoor password now public (plus bonus Shodan .edu search)

This is a serious vulnerability, but before it becomes Internet legend, this issue does not impact the entire line of 
Juniper products.  It "only" impacts Juniper ScreenOS systems, not JunOS (that we know of at this time).  Netscreen 
products include the NS and SSG VPN/Firewall chassis.  SRX next-gen systems as well as EX and MX gear run JunOS.  

There are patched versions of the firmware available.

-Brian

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Merdinger
Sent: Sunday, December 20, 2015 10:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Juniper backdoor password now public (plus bonus Shodan .edu search)

fyi

https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor

https://gist.github.com/hdm/18c8818d8623c2053e5c#file-19b-19-diff-L466

[ 83 hits ] -- https://www.shodan.io/search?query=org%3Auniversity+netscreen
[ 16 hits ] -- https://www.shodan.io/search?query=org%3Acollege+netscreen

Thanks,
--scm
