[AusNOG] Juniper ScreenOS backdoor

Jonathan Thorpe jthorpe at Conexim.com.au
Fri Dec 18 14:35:23 EST 2015


Considering the earliest release it affects is 6.2.0r12, that means it’s been there since at least October 2011!

Kind Regards,
Jonathan

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Paul Wilkins
Sent: 18 December 2015 14:08
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Juniper ScreenOS backdoor

What's more concerning? The exploit? Or that they have "unauthorised code" in their code base?
Kind regards
Paul Wilkins

On 18 December 2015 at 12:51, Jonathan Thorpe <jthorpe at conexim.com.au<mailto:jthorpe at conexim.com.au>> wrote:
Hi All,

If anyone has any ScreenOS gear still running, you might want to have a look at this:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713

It doesn’t say as much, but US-CERT seem to indicate that this is effectively backdoor code:
https://www.us-cert.gov/ncas/current-activity/2015/12/17/Juniper-Releases-Out-band-Security-Advisory-ScreenOS

“Juniper has discovered unauthorized code in ScreenOS which could allow an attacker to take control of NetScreen devices and to decrypt VPN connections.”

Not cool.

Kind Regards,
Jonathan

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20151218/0bdfd637/attachment.html>


More information about the AusNOG mailing list