[AusNOG] Juniper ScreenOS backdoor

Paul Wilkins paulwilkins369 at gmail.com
Fri Dec 18 14:08:18 EST 2015


What's more concerning? The exploit? Or that they have "unauthorised code"
in their code base?

Kind regards

Paul Wilkins

On 18 December 2015 at 12:51, Jonathan Thorpe <jthorpe at conexim.com.au>
wrote:

> Hi All,
>
>
>
> If anyone has any ScreenOS gear still running, you might want to have a
> look at this:
>
> http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
>
>
>
> It doesn’t say as much, but US-CERT seem to indicate that this is
> effectively backdoor code:
>
>
> https://www.us-cert.gov/ncas/current-activity/2015/12/17/Juniper-Releases-Out-band-Security-Advisory-ScreenOS
>
>
>
> *“Juniper has discovered unauthorized code in ScreenOS which could allow
> an attacker to take control of NetScreen devices and to decrypt VPN
> connections.”*
>
>
>
> Not cool.
>
>
>
> Kind Regards,
>
> Jonathan
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20151218/6702fb2b/attachment.html>


More information about the AusNOG mailing list