[j-nsp] JUNOS vulnerability with malformed TCP packets

Andree Toonk andree at toonk.nl
Tue Jan 12 14:47:32 EST 2010


Hi,

.-- My secret spy satellite informs me that at 1/12/10 9:22 AM  Jonas 
Frey wrote:

> However 7.4 seems to be not vulnerable. Atleast the version i have here
> (7.4I20071211_1225_pgoyette) is not affected. Therefor i guess
> everything below this (atleast) is not vulnerable...that would explain
> why juniper had 6.x removed from the advisory on vulnerable releases.
> (But 7.x is still listed...).

I can confirm that. I Just tried it in our lab using a M10 running 
7.2R4.2 and that versions does not seem to be affected either.
The same box running 7.6R3.6 is affected (i.e. crashed).

> One more thing: I was able to firewall this on all releases. So ACL's do
> work for some extend. Also you need an open port for this to work (BGP
> etc). 

Yes, same here.
Also see video here: http://www.toonk.nl/blog/?p=522

Cheers,
  Andree



More information about the juniper-nsp mailing list