[j-nsp] JUNOS vulnerability with malformed TCP packets
jf at probe-networks.de
Tue Jan 12 12:22:05 EST 2010
I have tried exploiting this on various JUNOS versions (8.2, 8.5, 9.2),
all of them crashed immediately at tcp_input() and rebooted after dumping
However, 7.4 seems not to be vulnerable. At least the version I have here
(7.4I20071211_1225_pgoyette) is not affected. Therefore I guess
everything below this (at least) is not vulnerable... that would explain
why Juniper had 6.x removed from the advisory on vulnerable releases.
(But 7.x is still listed...).
I still have 6.x somewhere... if anyone is interested I can try this on
a spare unit.
One more thing: I was able to firewall this on all releases. So ACLs do
work to some extent. Also you need an open port for this to work (BGP
On Fri, 2010-01-08 at 17:41, Florian Weimer wrote:
> * Barry Greene:
> > The information is in the security advisory.
> Are the PSNs the security advisory you are referring to?
> I didn't see a security advisory as such, and I'm wondering if I'm
> missing anything.