There is a major correction to this data. Netscreen contacted me a couple of minutes after posting this. When they confirmed it was vulnerable to CRC32, it appears they were actually confirming there was a 'problem', and not the actual CRC32 bug. This DoS is unrelated to the CRC32 bug; however, the CRC32 exploit is capable of causing the DoS.

As a temporary solution until Netscreen can release a new ScreenOS, you could disable SSH if this is a viable option for you.

So, it would appear Netscreen did NOT miss the CRC32 bugs that came out, and it's just a new one. It would appear Netscreen's lack of response was due to improper handling of the notifications and e-mails, combined with them moving offices over the past couple of weeks. product-sec-alertat_private seems to get you to the right place, at the right time.
This archive was generated by hypermail 2b30 : Fri Nov 01 2002 - 13:44:05 PST