Vulnerability Development mailing list archives
Re: NetScreen Slipstream
From: "Alex Lambert" <alambert () webmaster com>
Date: Fri, 13 Sep 2002 18:06:53 -0500
http://www.netscreen.com/support/alerts/9_6_02.htm Works fine here. apl ----- Original Message ----- From: "Blue Boar" <BlueBoar () thievco com> To: <vuln-dev () securityfocus com> Sent: Friday, September 13, 2002 2:38 PM Subject: NetScreen Slipstream
I was asked to proxy this note to the list. I do not have one of these boxes to verify the problem myself, and it doesn't look like one can
access
the release notes without registering a product, so I can not personally vouch for the accuracy of this report. Forwarded note below. BB -------------------------------------------------------------------- this is from netscreen's release notes for 4.0.0r2 * 21901 - (IKE) Under certain conditions, an overly large SPI payload value in the IKE Phase 1 response message triggered a buffer overflow, or an IKE packet with a large number of payloads could trigger a stack
overflow.
There is no mention here http://www.netscreen.com/support/alert.html of this Screen OS 4.0.0r2 fixes the issue - though I can't test as I have no idea that the "certain conditions" were It is a pity that they are so reticent about mentioning these issues as their products are quite good.
Current thread:
- Re: NetScreen Slipstream Alex Lambert (Sep 17)
- Re: NetScreen Slipstream Blue Boar (Sep 18)
- Re: NetScreen Slipstream KF (Sep 18)
- Re: NetScreen Slipstream Blue Boar (Sep 18)