[j-nsp] 2014-07 Security Bulletin: Junos: Denial of Service in TCP packet processing (CVE-2004-0230)
Richard A Steenbergen
ras at e-gerbil.net
Wed Jul 9 12:40:42 EDT 2014
Hey Juniper,
If you're going to send out a security update on what is literally now a
10 year old issue (god I feel old), you should at least wait until
Throwback Thursday. :)
2014-07 Security Bulletin: Junos: Denial of Service in TCP packet
processing (CVE-2004-0230)
Junos now implements the TCP robustness improvements outlined in Section 4
of RFC 5961. Junos will send an ACK in response to any SYN or RST flag
received, irrespective of the sequence number.
The following software releases have been updated to resolve this specific
issue: Junos OS 11.4R11, 12.1R10, 12.1X44-D35, 12.1X45-D25, 12.1X46-D20,
12.1X47-D10, 12.2R8, 12.3R6, 13.1R4, 13.2R4, 13.3R2, 14.1R1, and all
subsequent releases (i.e. all releases built after 14.1R1).
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list