[nsp-sec] vendor-flaw: for all the freebsd users out there

[Paul Goyette]

> I sent a directed response to Chris yesterday...  
> 
> > Juniper has substantially modified this code, so the FreeBSD patch
> > is not relevant.
> > 
> > Our engineering folks are checking to see if we have some similar
> > issue.
> 
> Here's an update...
> 
> Our engineering folks have examined the JUNOS code, and our initial
> assessment is that we have something that needs to be fixed.  :(
> 
> We're working on developing the fix and on determining the delivery
> mechanism(s) that will be used.
> 
> While we may update folks on this forum, affected customers should
> use normal support processes (ie, "open a case") to get plugged in
> to the formal communication channels.

And another update...

We've had some more eyes looking into this (eyes that are more
familiar with the code path in question), and we now think that
JUNOS is not vulnerable.  We have people setting up a lab so we
can verify (Yay or Nay) with real-world analysis rather than
static code-review.  We'll keep you all posted.