[nsp-sec] Juniper Security Advisories - please check if you are a customer and not received E-mails

Smith, Donald Donald.Smith at qwest.com
Thu Jan 7 17:59:58 EST 2010


Someone posted a PoC.
I can't tell for sure since I don't see the packets but the logic appears correct.

http://ptresearch.blogspot.com/2010/01/juniper-junos-remote-kernel-crash-flaw.html


Has anyone seen any major issues with upgrading to the fixed versions of code in their network?
We (Qwest) tested 9.4r3 and found no major problems with it (it passed our testing with no show stoppers).


(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Barry Raveendran Greene
> Sent: Wednesday, January 06, 2010 5:45 PM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Juniper Security Advisories - please check
> if you are a customer and not received E-mails
>
> ----------- nsp-security Confidential --------
>
> [Sent from my senki.org account.]
>
> Juniper posted today seven security advisories to our customers.  These are
> all scheduled security advisories as part of a monthly schedule (similar to
> Microsoft's Patch Tuesday).  All have fixed code available and feasible
> workarounds which can be used and deployed immediately by our customers.
> Because of Juniper's "Entitled Disclosure Policy," only our customers and
> partners are allowed access to the details of the Security Advisory.
>
> You can access the Security Advisories via our Tech Bulletins:
> https://www.juniper.net/alerts/
>
> The title of the advisories and PSN numbers are:
>
>     * as-path-prepend and specific length AS_PATH we can cause a Juniper to send corrupted update packets to eBGP neighbors (PSN-2010-01-622)
>     * Invalid RSVP packet causes RPD process busy loop and router becomes unresponsive (PSN-2010-01-625)
>     * RPD cores when injected with malformed PIM messages (PSN-2010-01-627)
>     * Malformed AS-4 Byte Transitive Attributes Drop BGP Sessions (PSN-2010-01-626)
>     * Kernel cores when it receives a crafted TCP option (PSN-2010-01-623)
>     * Unauthorized user can obtain root access using cli (PSN-2010-01-624)
>     * Sending a Crafted RSVP Path Object Overloads the RPD Process (PSN-2010-01-621)
>
> While many of these have high CVSS Base scores, they should _NOT_ trigger
> anyone to do any "rapid upgrading." PSN-2010-01-623 is the one with the most
> direct impact. That one can have risk reduced with narrowing the attack
> surface with good packet filtering and anti-spoofing for all the network's
> infrastructure addresses. We know that "rapid upgrading" is 100% guaranteed
> to cause collateral damage in a network while the active exploitation of
> network vendor vulnerabilities is "iffy." Be paranoid and cautious, but
> please don't overreact.
>
> Please ping me if you have any questions,
>
> Barry
>
> Barry Raveendran Greene
> Director, Juniper Security Incident Response Team (SIRT)
>
> Tel (Office): +1 408 936-6887
> Tel (Cell): +1 408 218-4669
> E-mail: bgreene at juniper.net
>
> Chat Locations:
> AIM: Barry R Greene
> MSN: BarryRGreene
> Yahoo: BarryRGreene
> Skype: barrygreene
> Jabber: barryrgreene at jabber.tisf.net
> MSN: BarryRGreene at hotmail.com
>
> PGP: 0x16BF45F3
>
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
