NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Title: NetScreen Advisory 58412
Date: 02 March 2004
Impact: Possible theft of user credentials and remote script execution.
Affected Products: NetScreen IVE running version 3.0 to 3.3.1.
Max Risk: Low
Summary:
A cross-site scripting (XSS) vulnerability was discovered during an
external security audit of release 3.3 Patch 1 of the IVE. This
vulnerability affects customers using all versions of the IVE Platform
since 3.0. At this time there have been no reports of customers
compromised due to this IVE vulnerability.
Details:
There exists a cross-site scripting bug in the 'row' parameter of the
'delhomepage.cgi' URL. This issue may result in the theft of
credentials such as session cookies and allow hostile client-side
scripts to run with unintended access privileges. The scope of the
problem is limited because only authenticated users can access the
affected URL.
NetScreen has security patches available to address this vulnerability.
We highly recommend that you upgrade your IVE to a patch corresponding
to your currently installed release.
Recommended Actions:
Install the appropriate patch corresponding to your currently installed
release.
Getting Fixed Software for NetScreen IVE Products:
NetScreen is offering free fixes for IVE versions 3.2.1 through 3.3.1
for all customers, regardless of service contract status. The following
security releases which contain the fix for this issue are available
on the NetScreen support site for all customers.
Updates available immediately:
- - 3.2.1 Patch 1-S2 (Build 5633)
- - 3.3-S1 (Build 5607)
- - 3.3 Patch 1-S1 (Build 5605)
- - 3.3.1-S1 (Build 5651)
Customers may download the above patches on the NetScreen IVE support
website at https://support.neoteris.com.
Customers with further questions may contact the NetScreen IVE Technical
Assistance Center at 408-543-2991 (Option 2) or send email to
help@xxxxxxxxxxxxxxxxxxxxx
This advisory as well as any future updates will be made available
through the NetScreen Security Notices webpage:
http://www.netscreen.com/services/security/security_notices.jsp
If you wish to verify the validity of this Security Advisory, the
public PGP key can be accessed at:
http://www.netscreen.com/services/security/
Thanks to Mark Lachniet of Analysts International
[lachniet -=at=- analysts.com] for reporting this issue and working
with us.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: NetScreen Security Response Team <security-alert@xxxxxxxxxxxxx>
iD8DBQFAR3oVW2Bw6QjqXRcRAjyEAJ4ldgHMHZVLKTIobZG+eZfo4U8J4wCgk35y
kUmrtcdta2ijAi6qG32Pe0o=
=9Nzh
-----END PGP SIGNATURE-----
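
The Details section above names the affected URL ('delhomepage.cgi') and parameter ('row'). The following is an added example, not part of the NetScreen advisory, of reviewing web access logs for requests that carried HTML markup in that parameter. The combined-style log format, the `/EXAMPLE-PATH/` prefix, the presence of `row` in the query string, and the function names are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-style access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of HTML text or attributes.
MARKUP_CHARS = set("<>\"'`")

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding such as %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_row_requests(log_lines):
    """Return (line_number, decoded_value) for each delhomepage.cgi request
    whose 'row' parameter contains HTML markup characters."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/delhomepage.cgi"):
            continue
        # parse_qs decodes once; decode_fully catches double encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get("row", []):
            value = decode_fully(raw)
            if MARKUP_CHARS & set(value):
                hits.append((lineno, value))
    return hits

# Constructed sample lines; addresses, users and the path prefix are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - alice [02/Mar/2004:10:00:01 +0000] "GET /EXAMPLE-PATH/delhomepage.cgi?row=3 HTTP/1.1" 200 512',
    '192.0.2.11 - bob [02/Mar/2004:10:00:07 +0000] "GET /EXAMPLE-PATH/delhomepage.cgi?row=%3Ci%3Ex%3C%2Fi%3E HTTP/1.1" 200 640',
    '192.0.2.12 - carol [02/Mar/2004:10:00:09 +0000] "GET /EXAMPLE-PATH/delhomepage.cgi?row=%253Ci%253E HTTP/1.1" 200 530',
    '192.0.2.13 - dave [02/Mar/2004:10:00:12 +0000] "GET /EXAMPLE-PATH/other.cgi?row=%3Ci%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, value in suspicious_row_requests(SAMPLE_LOG):
        print(f"line {lineno}: row={value!r}")
```

Because the affected URL is reachable only by authenticated users, any hit can be correlated with the session's user name in the same log entry.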