Thursday 15 October 2015

ScreenOS: Network based denial of service vulnerability in ScreenOS

Product Affected:

This issue can affect any Netscreen and ScreenOS Series products running ScreenOS.
 
Problem:

A vulnerability in ScreenOS L2TP packet processing may allow a remote network based attacker to cause a denial of service condition on ScreenOS devices by sending a crafted L2TP packet.

This issue is assigned CVE-2015-7750.
 
Solution:

This issue has been resolved in ScreenOS 6.3.0r13-dnd1 and 6.3.0r18-dnc1.

This issue is being tracked as PR 1086779 and is visible on the Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes the releases in which vulnerabilities are fixed, as per our End of Engineering and End of Life support policies.


Workaround:
On ScreenOS 6.3.0 this issue can be mitigated by not configuring L2TP settings.
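
To confirm the workaround on a device that cannot be upgraded yet, a saved configuration can be scanned for L2TP statements. The script below is an added example, not part of the advisory; the statement shapes it matches (set l2tp ..., set user ... type l2tp, set policy ... tunnel l2tp ...) are assumptions about saved ScreenOS configuration syntax, and the sample configuration is constructed.

```python
import re

# Assumed shapes of L2TP-related statements in a saved ScreenOS config
# (illustrative patterns, not taken from the advisory).
L2TP_PATTERNS = [
    ("l2tp tunnel/default", re.compile(r'^set\s+l2tp\s+\S+', re.I)),
    ("l2tp user", re.compile(r'^set\s+user\s+.+\s+type\s+.*\bl2tp\b', re.I)),
    ("policy using l2tp tunnel",
     re.compile(r'^set\s+policy\s+.+\stunnel\s+l2tp\s+', re.I)),
]

def find_l2tp_settings(config_text):
    """Return (line number, category, statement) for each L2TP statement."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        for label, pattern in L2TP_PATTERNS:
            if pattern.search(line):
                findings.append((lineno, label, line))
                break
    return findings

def workaround_applied(config_text):
    """True when the config carries no L2TP settings at all."""
    return not find_l2tp_settings(config_text)

# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = '''set clock timezone 0
set user "alice" uid 1
set user "alice" type l2tp
set user "alice" password "REDACTED"
set l2tp default ppp-auth chap
set l2tp "branch-tun" id 1 outgoing-interface ethernet0/0
set policy id 5 from "Untrust" to "Trust" "Dial-Up VPN" "Any" "ANY" tunnel l2tp "branch-tun"
set policy id 6 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set interface ethernet0/0 ip 192.0.2.1/24
'''

if __name__ == "__main__":
    for lineno, label, line in find_l2tp_settings(SAMPLE_CONFIG):
        print(f"line {lineno}: [{label}] {line}")
    print("workaround applied:", workaround_applied(SAMPLE_CONFIG))
```

Any finding means the device still has L2TP configured and remains in scope for CVE-2015-7750 until it runs a fixed release.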

Saturday 10 October 2015

Cisco/Juniper Commands

| Cisco Command | Juniper Command | Co-Ordinating Definition |
|---|---|---|
| show run | sh configuration | Show running configuration |
| sh ver | sh ver | Show version |
| show ip interface brief | show interface terse | displays the status of interfaces configured for IP |
| show interface [intfc] | show interfaces [intfc] detail | displays the interface configuration, status and statistics. |
| show controller intfc | show interfaces intfc extensive | displays information about a physical port device |
| show interface \| incl (proto\|Desc) | show interfaces description | displays the interface configuration, status and statistics |
| show ip route | show route | displays summary information about entries in the routing table |
| show ip bgp summary | show bgp summary | displays the status of all Border Gateway Protocol (BGP) connections |
| show ip bgp net mask | show route protocol bgp prefix | will show you how that route is being advertised, look for the first line |
| show ip bgp net mask longer-prefixes | show route range prefix | will show you how that route is being advertised, look for the first line |
| show ip bgp regexp AS-regexp | show route aspath-regexp "AS-regexp" | displays routes matching the autonomous system (AS) path regular expression |
| show ip bgp neighbors neigh received-routes | show route receive-protocol bgp neigh; show route source-gateway neigh protocol bgp | Shows whether a neighbor supports the route refresh capability |
| show ip bgp neighbor neigh advertised-routes | show route advertising-protocol bgp neigh | Shows whether a neighbor supports the route refresh capability |
| show clns neighbors | show isis adjacency | displays both ES and IS neighbors |
| show clns interface | show isis interface | shows specific information about each interface |
| show ip route isis | show isis routes | displays the current state of the routing table |
| show isis topology | show isis spf | displays a list of all connected routers in all areas |
| show ip ospf interface | show ospf neighbor | shows neighbor ID, Priority, IP, & State of the neighbor router, dead time. |
| show ip ospf interface | show ospf interface | shows neighbor id, pri, state, dead time, address and interface |
| show ip route ospf | show ospf route | display the current state of the routing table |
| show ip ospf database | show ospf database | display list of information related to the OSPF database for a specific communication server |
| show version | show version, show system uptime | display the system hardware config., software version, and name and source of configuration files and boot images |
| show diags | show chassis hardware | displays power-on diagnostics status |
| show processes cpu | show system process | displays utilization statistics |
| show tech-support | request support info | displays the current software image, configuration, controllers, counters, stacks, interfaces, memory and buffers |
| show logging | show log messages | display the state of logging to the syslog |
| show route-map name | show policy name | display all route-maps configured or only the one specified |
| show ip prefix-list name | show policy name | display information about a prefix list or prefix list entries |
| show ip community-list list | configure, show policy-options community name | display routes that are permitted by BGP community list |
| show environment all | show chassis environment | displays temperature and voltage information on the console |
| ping dest | ping dest rapid (for cisco like output); ping dest (for unix like output) | to check to see if a destination is alive |
| ping (setting source int) | ping dest bypass-routing | to check to see if a destination is alive |
| terminal monitor | monitor start messages | Change console terminal settings |
| terminal no monitor | monitor stop | Change console terminal settings |
| terminal length 0 | set cli screen-length 0 | sets the length for displaying command output |

Saturday 3 October 2015

Junos: Enterprise networks gain scalability, security, and flexibility.

As businesses move to the cloud to solve their data management and access problems, they see a critical need for solutions that can help them bridge the gap between their existing environment and their vision of a more agile and flexible network.
In today’s enterprise campus, the majority of networks are manual systems comprising layers of switches, VLANs, and security products, each adding operational complexity. Because these layers must be administered manually, they introduce the potential for human errors that can disrupt services and open security gaps.
These challenges are prompting a growing number of enterprises to adopt cloud technologies as their primary operating model. With the right tools and platforms, enterprises can transform their campus network into a critical on-ramp to cloud-based applications that are deployed in private clouds and on-premise data centers or hosted in remote locations.

Cloud-Enable the Enterprise Campus

Enter Juniper Unite - a simple and secure cloud-enabled infrastructure that supports a diverse set of devices, applications, people, and things.
Juniper Unite dynamically provides network infrastructure to support any business imperative while improving your employees’ business productivity securely, wherever they are.
  • Simplified infrastructure that is scalable and resilient to keep up with the demands of users and cloud applications. Combined with a management interface that provides zero-touch provisioning and visibility into network operations, these elements lower the costs associated with today’s brittle and complex enterprise networks.
  • Comprehensive enterprise security that provides visibility into the network and the ability to defend against threats in real time via a multitude of sensors and third-party feeds.
  • Open Convergence Framework with APIs that integrate with best-of-breed technology such as WLAN and unified communications or security feeds. The APIs also offer automation and orchestration capabilities for the future.
Juniper Unite delivers high-scale service capabilities for enterprise IT departments, with innovation derived from building the world’s largest cloud-based networks and tailoring it to the enterprise.