[j-nsp] JUNOS vulnerability with malformed TCP packets

harbor235 harbor235 at gmail.com
Thu Jan 7 14:10:11 EST 2010


Any code released after 1/28/09 has this issue fixed ...

mike

On Thu, Jan 7, 2010 at 1:18 PM, Brad Fleming <bdfleming at kanren.net> wrote:

> I think it depends how the vulnerability is discovered. If its discovered
> by groups that are likely to exploit the issue, I'd prefer Juniper tell me
> NOW. If it is discovered internally by Juniper technicians (or in a trusted
> customer lab), I'm OK with Juniper fixing the issue and releasing details 6
> months later.
>
> I suppose severity of the exploit is another sliding metric for whether I
> want to know immediately or not.
>
> -brad
>
>
> On Jan 7, 2010, at 11:44 AM, Darrell Root wrote:
>
>
>> Anyone know why some issues identified as early as January 2009 are only
>>> being "released" now almost a year later?  Just curious on some of these
>>> security alerts and timeframe...
>>>
>>
>> If Juniper finds a security DDOS vulnerability, and it's not general
>> knowledge,
>> I'd prefer them to integrate the fix into their code without an
>> announcement.  That way,
>> by the time the hackers find out about the vulnerability, the fix may have
>> already been
>> deployed to many of our affected routers.
>>
>> In this case that saved me a crash upgrade project.  By the time it was
>> announced
>> I already had the fixed code on my JunOS boxes.
>>
>> Darrell
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list