[j-nsp] JUNOS Vulnerability

[U. Abdullah Sheikh]

Hi Guys,

The long awaited vulnerability details are published by Juniper. I 
understand that I can share this with my customers.  For actual 
vulnerability detail, please contact your Juniper representative.

By the way, we already upgraded 40% of the boxes. :D

View JTAC Technical Bulletin
[Search] [Advanced Search] [Browse]
View Bulletin PSN-2005-01-010

Title Security Vulnerability in JUNOS Software

Products Affected All M-series and T-series routing platforms

Platforms Affected
�� Security
�� JUNOS 7.x
�� JUNOS 5.x
�� JUNOS 6.x
�� JUNOS 3.x
�� JUNOS 4.x

Revision Number 1

Issue Date 2005-01-26

PSN Issue : Juniper Networks has identified a serious security vulnerability 
within our JUNOS Software. This vulnerability could be exploited either by a 
directly-attached neighboring device or by a remote attacker that can 
deliver certain packets to the router. Routers running vulnerable JUNOS 
software are susceptible regardless of the router's configuration. It is not 
possible to use firewall filters to protect vulnerable routers. This 
vulnerability is specific to Juniper Networks routers running JUNOS software 
releases built prior to January 7, 2005. Routers that do not run JUNOS 
software are not susceptible to this vulnerability. Juniper Networks is not 
aware of any actual or attempted exploit of this vulnerability.

Solution: JUNOS software has been modified to address this vulnerability. 
All versions of JUNOS software built on or after January 22, 2005 contain 
the modified code. Software built between January 7 and January 22 may 
contain the modified code, depending on the specific JUNOS release.
Solution Implementation: All customers are strongly encouraged to upgrade 
their software to a release that contains the modified code. Pointers to 
software releases that contain the corrected code can be found in the 
Related Links section below. Customers can also contact the Juniper Networks 
Technical Assistance Center for download information.

RelatedLinks
�� Software Download Links

Attributes
Audience Customer Service

Alert Type Product Support Notification

Risk Level High

Risk Assessment
Both directly-attached and remote attackers can severely disrupt normal 
operation of the routing
platform.

Created Date 2005-01-26 05:13:46.0

Last Modified
Date
2005-01-26 05:13:46.0
<< Back
[Search Tips]
Page 1 of 1 Juniper Networks, Inc. - JTAC Technical Bulletins View
27-Jan-05 
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-...

Disclaimer: This information is shared on best effort basis. I am not 
responsible for any error on inaccuracy. Do your own research :D

Cheers
Shek