[j-nsp] JUNOS Vulnerability
Eric Van Tol
eric at atlantech.net
Wed Jan 26 12:45:04 EST 2005
Does anyone know if this is at all similar to the Cisco BGP
vulnerability released today? Seems more than mere coincidence that
both vendors release a security vulnerability notice on the same day.
http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
We upgraded Junos last night (and immediately found a cosmetic bug in
the new version!).
-evt
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of U. Abdullah
Sheikh
Sent: Wednesday, January 26, 2005 12:39 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] JUNOS Vulnerability
Hi Guys,
The long awaited vulnerability details are published by Juniper. I
understand that I can share this with my customers. For actual
vulnerability detail, please contact your Juniper representative.
By the way, we already upgraded 40% of the boxes. :D
View JTAC Technical Bulletin
[Search] [Advanced Search] [Browse]
View Bulletin PSN-2005-01-010
Title Security Vulnerability in JUNOS Software
Products Affected All M-series and T-series routing platforms
Platforms Affected
�� Security
�� JUNOS 7.x
�� JUNOS 5.x
�� JUNOS 6.x
�� JUNOS 3.x
�� JUNOS 4.x
Revision Number 1
Issue Date 2005-01-26
PSN Issue : Juniper Networks has identified a serious security
vulnerability
within our JUNOS Software. This vulnerability could be exploited either
by a
directly-attached neighboring device or by a remote attacker that can
deliver certain packets to the router. Routers running vulnerable JUNOS
software are susceptible regardless of the router's configuration. It is
not
possible to use firewall filters to protect vulnerable routers. This
vulnerability is specific to Juniper Networks routers running JUNOS
software
releases built prior to January 7, 2005. Routers that do not run JUNOS
software are not susceptible to this vulnerability. Juniper Networks is
not
aware of any actual or attempted exploit of this vulnerability.
Solution: JUNOS software has been modified to address this
vulnerability.
All versions of JUNOS software built on or after January 22, 2005
contain
the modified code. Software built between January 7 and January 22 may
contain the modified code, depending on the specific JUNOS release.
Solution Implementation: All customers are strongly encouraged to
upgrade
their software to a release that contains the modified code. Pointers to
software releases that contain the corrected code can be found in the
Related Links section below. Customers can also contact the Juniper
Networks
Technical Assistance Center for download information.
RelatedLinks
�� Software Download Links
Attributes
Audience Customer Service
Alert Type Product Support Notification
Risk Level High
Risk Assessment
Both directly-attached and remote attackers can severely disrupt normal
operation of the routing
platform.
Created Date 2005-01-26 05:13:46.0
Last Modified
Date
2005-01-26 05:13:46.0
<< Back
[Search Tips]
Page 1 of 1 Juniper Networks, Inc. - JTAC Technical Bulletins View
27-Jan-05
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-.
..
Disclaimer: This information is shared on best effort basis. I am not
responsible for any error on inaccuracy. Do your own research :D
Cheers
Shek
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list