nanog mailing list archives

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

From: Karsten Thomann <karsten_thomann () linfre de>
Date: Fri, 18 Dec 2015 13:19:36 +0000

Am Freitag, 18. Dezember 2015, 09:28:11 schrieb Stephane Bortzmeyer:

http://forums.juniper.net/t5/Security-Incident-Response/Important-Announceme
nt-about-ScreenOS/ba-p/285554

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=
SIRT_1

&actp=LIST

Should we blame Juniper for letting a git repository open to
"unauthorized code" or should we congratulate them for their frankness
(few corporations would have admitted the problem)?


I think we should do both, even if it would be interessting to know how long 
the problem already exists.

Current thread:

[CVE-2015-7755] Backdoor in Juniper/ScreenOS Stephane Bortzmeyer (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Karsten Thomann (Dec 18)
  - Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Dave Taht (Dec 18)
    - Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Steven M. Bellovin (Dec 18)
    - Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Steven M. Bellovin (Dec 18)
    - Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Royce Williams (Dec 18)
    - Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Steven M. Bellovin (Dec 18)
  - Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS A . L . M . Buxey (Dec 18)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Stephane Bortzmeyer (Dec 21)
- Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS Doug Barton (Dec 21)