[j-nsp] Juniper and OpenSSH exploits
Gert Doering
gert at greenie.muc.de
Tue Sep 23 15:56:59 EDT 2003
Hi,
On Tue, Sep 23, 2003 at 08:39:20AM -0400, Jeff Aitken wrote:
> On Tue, Sep 23, 2003 at 10:58:40AM +0300, Pekka Savola wrote:
> > Are you really running your junipers without a filter running on lo0.0,
> > protecting TCP/22, etc? If such are implemented properly, this issue is
> > not all that interesting..
>
> Is it not true that a single packet (i.e., a packet with an
> appropriately spoofed source-IP such that it will make it through
> the filter) can cause problems? Or is two-way conversation between
> the router and the attacker required in order to exploit the
> vulnerability?
The current buffer problems happen inside an established TCP connection.
One packet won't be sufficient for that, you need to be able to spoof
the 3way-Handshake.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
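
The point made in the reply above, as an added example that is not part of the original post: a toy Python model of a TCP/22 listener behind a source-address filter, showing that a sender who forges a permitted address gets no bytes to the SSH daemon without completing the handshake. The address 192.0.2.10, the port numbers and all class and function names are constructed for illustration, and the model assumes unpredictable initial sequence numbers.

```python
import secrets

ALLOWED_SRC = {"192.0.2.10"}  # constructed: management host the lo0.0 filter permits
MOD = 2**32

class FilteredSshListener:
    """Toy model of TCP/22 behind a source filter: filter, then handshake, then data."""

    def __init__(self, isn_source=lambda: secrets.randbits(32)):
        self.isn_source = isn_source  # unpredictable ISN by default
        self.half_open = {}           # (src, sport) -> server ISN awaiting the final ACK
        self.established = set()
        self.delivered = []           # payloads that actually reached the SSH daemon

    def receive(self, src, sport, flags, ack=None, payload=b""):
        """Handle one inbound segment; the return value is sent to the real owner of src."""
        if src not in ALLOWED_SRC:
            return None                              # dropped by the filter
        key = (src, sport)
        if flags == "SYN":
            self.half_open[key] = self.isn_source()
            return ("SYN-ACK", self.half_open[key])
        if flags == "ACK" and key in self.half_open:
            isn = self.half_open.pop(key)
            if ack == (isn + 1) % MOD:
                self.established.add(key)            # handshake completed
                return None
            return ("RST", None)                     # wrong ACK number: connection reset
        if flags == "PSH" and key in self.established:
            self.delivered.append(payload)           # only now does the daemon parse bytes
            return None
        return ("RST", None)

def blind_spoofed_sender(listener, payload, guess=0):
    """Forges an allowed source; replies go to the real host, so the ISN is never seen."""
    src, sport = "192.0.2.10", 40000
    listener.receive(src, sport, "PSH", payload=payload)  # the single-packet case
    listener.receive(src, sport, "SYN")                   # SYN-ACK not visible to sender
    listener.receive(src, sport, "ACK", ack=guess)        # has to guess ISN + 1
    listener.receive(src, sport, "PSH", payload=payload)
    return list(listener.delivered)

def real_client(listener, payload):
    """Host that really owns the allowed address and therefore sees the SYN-ACK."""
    src, sport = "192.0.2.10", 40001
    _, isn = listener.receive(src, sport, "SYN")
    listener.receive(src, sport, "ACK", ack=(isn + 1) % MOD)
    listener.receive(src, sport, "PSH", payload=payload)
    return list(listener.delivered)
```

In this model the filter decides which source addresses reach the listener at all, and the sequence-number check decides whether a sender claiming one of those addresses can get data parsed.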