-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title:
Specifically crafted packets can cause NSM Denial of Service 

Date:
19 January 2006

Version:
2.0

Impact:
Denial of Service

Affected Products:
Juniper Networks, Netscreen Security Manager prior to NSM FP4r1
also known as 2005.1

Max Risk:
Low

Summary:
Specifically crafted packets can cause NSM Denial of Service

Details:
NetScreen Security Manager enables you to integrate and centralize
management of your Juniper Networks NetScreen security environment.
Under certain circumstances, malicious users could cause guiSrv and
devSrv to crash by sending specially crafted packets.

Mitigating factors:
It is common best practice to restrict access to administration
platforms to trusted clients only. Juniper Networks recommends
connections to guiSrv and devSrv be exclusively restricted to trusted
segments.

The NSM watchdog process automatically restarts any halted daemons
every 5 minutes.

Recommended Actions:
Upgrade to NSM FP4r1 also known as 2005.1 or more recent version

Credit:
Discovered by David Maciejak

Disclaimer:
Juniper Networks is providing this notice on an "AS IS" basis. No
warranty or guarantee of any kind is expressed in this notice and none
should be implied. Juniper Networks expressly excludes and disclaims
any warranties regarding this notice or materials referred to in this
notice, including, without limitation, any implied warranty of
merchantability, fitness for a particular purpose, absence of hidden
defects, or of noninfringement. Your use or reliance on this notice or
materials referred to in this notice is at your own risk. Juniper
Networks may change this notice at any time.


If you wish to verify the validity of this Security Advisory, the 
public PGP key can be accessed at:
http://www.juniper.net/support/security/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQA/AwUBQ8/fwgJw4nLp1sbREQJrnQCghPEvI94cMZOLmOPVbPJ2mxg/iu8AniDj
98u3KVBXhnXrx1UO6oTzQiCa
=0xXX
-----END PGP SIGNATURE-----