  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| VERY serious Juniper router vulnerability
It seems that Juniper - who makes high-end, carrier-class routers - has identified a very serious DoS issue in their software, and though I don't know the details, I have it on good authority that the big ISPs are in a frantic rush right now to do emergency upgrades on their equipment.
Those who have access to the Juniper customer-support site (requires an account) can view the advisory (but no tech details), and the US-CERT advisory here.
If you have a Juniper, run, do not walk, to address this. -- Stephen J. Friedl Unix Wizard Microsoft Security MVP Tustin, California USA my web site |
|
  BeesTea Network Janitor Premium,VIP join:2003-03-08 00000 | I'll second that recommendation.
-BeesT |
|
 nonymous
join:2003-09-08 Glendale, AZ
| reply to Steve "Routers running vulnerable JUNOS software are susceptible regardless of the router's configuration. It is not possible to use firewall filters to protect vulnerable routers.
This vulnerability is specific to Juniper Networks routers running JUNOS software. Routers that do not run JUNOS software are not susceptible to this vulnerability. ..."
not very encouraging wording. |
|
  TakeTheFifth
join:2004-04-20 Anjou, QC | reply to Steve Well, CISCO might charge an arm and a leg for support, but since Juniper goes for all the limbs, they'd better fix this in a hurry  |
|
 B Premium,MVM join:2000-10-28
| Credit
Juniper has thanked Qwest Communication Software Certification team for bringing this issue to their attention. I just love it when people do good work. There's one lonely geek over at Qwest who deserves a big fat raise.
-- B -- In a realm outside causality and function |
|
  Daniel Premium,MVM join:2000-06-26 Pleasanton, CA clubs: 
| reply to Steve said by Steve: It seems that Juniper - who makes high-end, carrier-class routers - has identified a very serious DoS issue in their software, and though I don't know the details, I have it on good authority that the big ISPs are in a frantic rush right now to do emergency upgrades on their equipment.
In other news, a whole lot of Cisco sales reps are very happy right now, and are working on how to incorporate this into casual conversation over lunch with clients. -- grep understanding knowledge |
|
  3Ciscos
@fuse.net | Cisco released three advisories today on MPLS, BGP and IPv6 IOS routers. All DOS. So I somehow doubt their sales reps will be dancing on tables.
Open mouth, remove foot. |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| reply to Steve You gotta imagine that somebody is reverse engineering the patch to find out what the vulnerability is - anybody taking bets on vuln-details-to-exploit time?
Steve -- Stephen J. Friedl Unix Wizard Microsoft Security MVP Tustin, California USA my web site |
|
  Daniel Premium,MVM join:2000-06-26 Pleasanton, CA clubs: 
| said by Steve: You gotta imagine that somebody is reverse engineering the patch to find out what the vulnerability is - anybody taking bets on vuln-details-to-exploit time?
5 days. -- grep understanding knowledge |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by Daniel: 5 days.
I think it's going to be a lot less than that. "Crafting a raw IP packet" is really not that difficult.
Time will tell...
Steve -- Stephen J. Friedl Unix Wizard Microsoft Security MVP Tustin, California USA my web site |
|
  Daniel Premium,MVM join:2000-06-26 Pleasanton, CA clubs: 
| reply to 3Ciscos said by 3Ciscos:
Cisco released three advisories today on MPLS, BGP and IPv6 IOS routers. All DOS. So I somehow doubt their sales reps will be dancing on tables.
Open mouth, remove foot.
Doh! -- grep understanding knowledge |
|
 jdir
join:2001-05-04 Santa Clara, CA | reply to Steve Yeah - just use NET sniffer tool, you can send raw IP packet any way you want |
|
  novaflare The Dragon Was Here Premium join:2002-01-24 Barberton, OH
| reply to Steve No account with them but curious. Is this just a DoS attack, meaning the router goes boom and reboots? Or is this a DoS attack that crashes the router, and the router reboots to some default setting where a hacker/script kiddie can take over the router through another vulnerability?
Some time ago, with the now infamous 9.99 door routers, one of their firmwares allowed a remote attacker to DoS the router, causing it to reboot and factory defaults to be restored. Once restored to factory defaults, remote admin was enabled and the admin username and password defaulted to admin un admin pw. Essentially giving the attacker full control over the host network. Basically you could take over 2 computers at a time, gaining full access to them. DMZ one and forward an exploitable port or 3 to another comp on the network. Obviously this is a very serious issue no matter what, far more serious than the cheapo router one. -- new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php |
|
  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire
| reply to Steve from »www.techworld.com/security/news/···sID=3053 ".. Juniper has been understandably coy about the precise form that an attack would take. In its website advisory, which can only be seen by registered customers, it offered the following crumb. "This vulnerability could be exploited either by a directly attached neighboring device or by a remote attacker that can deliver certain packets to the router," from which it is clear that the vulnerability involves an attacker interfering with packet form and order so as to bring routing to a halt.
The fact that the problem is rated as moderate by independent sources, as well as Juniper, suggests that an exploit is possible but tricky. .."
Cudni -- Whether you think that you can, or that you can't, you are usually right. Help yourself so God can help you..it does exactly what it says on the sig |
|
  foo2
@stsn.com | reply to novaflare Saying "just a dos attack" you obviously don't understand how critical some routers can be. In some cases, availability is paramount. |
|
  foo2
@stsn.com
| reply to Cudni You should RTFA on the juniper site -- it is rated as HIGH risk. ...from the juniper announcement:
Risk Level High
Risk Assessment Both directly-attached and remote attackers can severely disrupt normal operation of the routing platform. |
|