A flaw in the operating system used in NetScreen's firewall/VPN servers could be exploited to cause the machine to reboot, resulting in a temporary service outage.
Due to a bug in ScreenOS, a non-privileged user who attempts to connect to a NetScreen Security Device management IP, from an address within the range permitted by the manager-ip feature and with a particular TCP window option setting, can cause the system to crash and reboot. This issue affects Telnet and WebUI (HTTP/HTTPS) management, as well as the WebAuth authentication service (HTTP/HTTPS).
Affected products: NetScreen Firewall/VPN products running ScreenOS 4.0.1r1 through 4.0.1r6, 4.0.3r1, and 4.0.3r2.
For details, see http://www.netscreen.com/services/security/alerts/advisory-57739.txt.