There is a vulnerability in NetScreen's latest ScreenOS

that allows a malicious user to create a denial of

service attack remotely.



This has only been confirmed with the following

operating systems and NetScreen hardware.



Microsoft Windows 2000 Professional SP1 and SP2

NetScreen 204 and 208



By modifying the TCP Window size in the registry in W2K

a user can cause a NetScreen 20x running ScreenOS

4.0.3r2 to core dump the ASIC and reboot.



This only affects devices that have management services

such as Web, Telnet, or SSH enabled on an interface.



When a user tries to connect to one of the management

ports with the registry settings below the NetScreen

crashes.



\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

New DWORD Value



Tcp1323Opts

HEX

3



TcpWindowSize

Decimal

131400



Papa Love Mambo Research Group

plm at ioerror.org