Sending an infected ZIP archive with a filename containing HTML or JavaScript may allow a cross-site scripting attack to be performed.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Title: Juniper NetScreen Advisory 59147
Date: 29 June 2004
Version: 1
Impact:
Possible HTTP cross-site script execution.
Affected Products:
Juniper Networks NetScreen 5GT Firewalls with AV 5.0.0r1 - 5.0.0r7
Unaffected Products:
Juniper Networks NetScreen 5GT Firewalls without AV (all versions)
All other Juniper Networks NetScreen Firewalls (all versions)
Max Risk: Medium
Summary:
The Juniper Networks NetScreen 5GT Firewall has an HTTP cross-site scripting
vulnerability in the antivirus scan engine.
Details:
The antivirus scan engine in the Juniper Networks NetScreen 5GT Firewall is
susceptible to an HTTP cross-site scripting vulnerability.
When a user downloads Internet content using a Web browser, the antivirus scan
engine scans the contents for viruses. If the file is a zip archive, the scan
engine examines the member files within the archive. When a virus is detected,
the user is presented with a virus notification dialog containing the name of
the infected archive member. If an attacker manually crafts a zip archive
containing a virus-infected file with a specially formatted filename, the
notification dialog could present a cross-site scripting vulnerability.
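The following is an added illustration, not code from Juniper or from this advisory: it builds a constructed test archive whose member name carries HTML-significant characters, flags such names during scanning, and contrasts the vulnerable notification pattern (untrusted member name interpolated straight into HTML) with the hardened one (name escaped first). The archive content is a harmless placeholder, and all function names are assumptions.

```python
import html
import io
import re
import zipfile

# Characters that must never reach an HTML notification page unescaped.
HTML_SPECIAL = re.compile(r'[<>"\'&]')


def build_sample_archive(member_name: str) -> bytes:
    """Constructed test archive (not real malware): one member whose name is
    chosen by the archive author, which is exactly the input the advisory describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder content, not a virus")
    return buf.getvalue()


def scan_member_names(archive: bytes) -> list:
    """Return member names containing HTML-significant characters, read from the
    archive's central directory the same way a scan engine would enumerate them."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [name for name in zf.namelist() if HTML_SPECIAL.search(name)]


def notification_unsafe(member: str) -> str:
    """Vulnerable pattern: the untrusted member name is placed into the
    notification page verbatim, so any markup in it is rendered by the browser."""
    return f"<p>Virus found in archive member: {member}</p>"


def notification_safe(member: str) -> str:
    """Hardened pattern: escape the name before interpolation so that angle
    brackets, quotes and ampersands are shown as text rather than parsed as HTML."""
    return f"<p>Virus found in archive member: {html.escape(member, quote=True)}</p>"
```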
Recommended Actions:
Upgrade to ScreenOS 5.0.0r8, which fixes this issue. Customers unable to
upgrade to 5.0.0r8 at this time can disable HTTP protocol scanning in the Scan
Manager.
Patch Availability:
NetScreen currently has ScreenOS version 5.0.0r8 available for Juniper
Networks NetScreen Firewalls.
How to get ScreenOS:
Customers with a valid product warranty or a support contract may download the
software from the Juniper NetScreen CSO web portal:
http://www.juniper.net/support/
For all other customers, including those with expired support contracts, please
call your regional Juniper NetScreen TAC center at one of the numbers
listed in: http://www.juniper.net/support/nscn_support/tao/contact.html
Select option 2 from the telephone menu and be sure to select the correct
product from the phone tree. Once connected with an engineer, state that you
are calling in regards to a Security Advisory and provide the title of this
notice as evidence of your entitlement to the specified release.
As with any new software installation, Juniper customers planning to upgrade
to any version of ScreenOS should carefully read the release notes and other
relevant documentation before beginning any upgrade.
If you wish to verify the validity of this Security Advisory, the public PGP
key can be accessed at:
http://www.juniper.net/support/nscn_support/security/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: NetScreen Security Response Team <security-alert@netscreen.com>
iD8DBQFA4bjFW2Bw6QjqXRcRAqbQAKCDtHWrlbTZb+woQ0sVt2TedHbDEgCfccor
jyMyJLsvlRZMnS9aM7jxdLc=
=ifnI
-----END PGP SIGNATURE-----