[j-nsp] JUNOS Vulnerability

[Eric Van Tol]

Does anyone know if this is at all similar to the Cisco BGP
vulnerability released today?  Seems more than mere coincidence that
both vendors release a security vulnerability notice on the same day.

http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml

We upgraded Junos last night (and immediately found a cosmetic bug in
the new version!).

-evt 

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of U. Abdullah
Sheikh
Sent: Wednesday, January 26, 2005 12:39 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] JUNOS Vulnerability

Hi Guys,

The long awaited vulnerability details are published by Juniper. I 
understand that I can share this with my customers.  For actual 
vulnerability detail, please contact your Juniper representative.

By the way, we already upgraded 40% of the boxes. :D

View JTAC Technical Bulletin
[Search] [Advanced Search] [Browse]
View Bulletin PSN-2005-01-010

Title Security Vulnerability in JUNOS Software

Products Affected All M-series and T-series routing platforms

Platforms Affected
�� Security
�� JUNOS 7.x
�� JUNOS 5.x
�� JUNOS 6.x
�� JUNOS 3.x
�� JUNOS 4.x

Revision Number 1

Issue Date 2005-01-26

PSN Issue : Juniper Networks has identified a serious security
vulnerability 
within our JUNOS Software. This vulnerability could be exploited either
by a 
directly-attached neighboring device or by a remote attacker that can 
deliver certain packets to the router. Routers running vulnerable JUNOS 
software are susceptible regardless of the router's configuration. It is
not 
possible to use firewall filters to protect vulnerable routers. This 
vulnerability is specific to Juniper Networks routers running JUNOS
software 
releases built prior to January 7, 2005. Routers that do not run JUNOS 
software are not susceptible to this vulnerability. Juniper Networks is
not 
aware of any actual or attempted exploit of this vulnerability.

Solution: JUNOS software has been modified to address this
vulnerability. 
All versions of JUNOS software built on or after January 22, 2005
contain 
the modified code. Software built between January 7 and January 22 may 
contain the modified code, depending on the specific JUNOS release.
Solution Implementation: All customers are strongly encouraged to
upgrade 
their software to a release that contains the modified code. Pointers to

software releases that contain the corrected code can be found in the 
Related Links section below. Customers can also contact the Juniper
Networks 
Technical Assistance Center for download information.

RelatedLinks
�� Software Download Links

Attributes
Audience Customer Service

Alert Type Product Support Notification

Risk Level High

Risk Assessment
Both directly-attached and remote attackers can severely disrupt normal 
operation of the routing
platform.

Created Date 2005-01-26 05:13:46.0

Last Modified
Date
2005-01-26 05:13:46.0
<< Back
[Search Tips]
Page 1 of 1 Juniper Networks, Inc. - JTAC Technical Bulletins View
27-Jan-05 
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-.
..

Disclaimer: This information is shared on best effort basis. I am not 
responsible for any error on inaccuracy. Do your own research :D

Cheers
Shek


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp