[j-nsp] 2014-07 Security Bulletin: Junos: Denial of Service in TCP packet processing (CVE-2004-0230)

Richard A Steenbergen ras at e-gerbil.net
Wed Jul 9 12:40:42 EDT 2014


Hey Juniper,

If you're going to send out a security update on what is literally now a 
10 year old issue (god I feel old), you should at least wait until 
Throwback Thursday. :)

2014-07 Security Bulletin: Junos: Denial of Service in TCP packet 
processing (CVE-2004-0230)

Junos now implements the TCP robustness improvements outlined in Section 4 
of RFC 5961. Junos will send an ACK in response to any SYN or RST flag 
received, irrespective of the sequence number.

The following software releases have been updated to resolve this specific 
issue: Junos OS 11.4R11, 12.1R10, 12.1X44-D35, 12.1X45-D25, 12.1X46-D20, 
12.1X47-D10, 12.2R8, 12.3R6, 13.1R4, 13.2R4, 13.3R2, 14.1R1, and all 
subsequent releases (i.e. all releases built after 14.1R1).


-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


More information about the juniper-nsp mailing list