FW: [SPAM] - [mvpsectalk] RE: VERY serious Juniper router issue - Email found in subject

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 3 Feb 2005 23:35:33 -0600

Only "hardware" is secure :) 

> Hello all,
> 
> Those who have Juniper routers should know there is a VERY serious 
> vulnerability that Juniper has issued a patch for. I'm reliably told 
> that it's VERY serious and that last Friday the Tier 1 providers were 
> in a frantic race to get the patch installed. They were willing do 
> down parts of the internet backbone *in the middle of the day* because

> of this.
> 
>       http://www.kb.cert.org/vuls/id/409555
> 
> My reliable source tells me:
> 
>       "only a few people at Juniper, DHS, DOE, and an unmentionable
ISP
>        know the whole details"
> and
>       "the engineer we spoke to said when the advisory comes out,
which is
>       very soon, they expect a 30 minute turn-around for an exploit"
> 
> If you have a valid login on the Juniper support site, you can get 
> info on the patch (but not the vuln itself):
> 
>       http://tinyurl.com/4h9fo
> 
>       PSN Issue : Juniper Networks has identified a serious security
>       vulnerability within our JUNOS Software.
> 
>       This vulnerability could be exploited either by a directly-
>       attached neighboring device or by a remote attacker that
>       can deliver certain packets to the router. Routers running
>       vulnerable JUNOS software are susceptible regardless of the
>       router's configuration. It is not possible to use firewall
>       filters to protect vulnerable routers.
> 
>       This vulnerability is specific to Juniper Networks routers
running
>       JUNOS software releases built prior to January 6, 2005. Routers
>       that do not run JUNOS software are not susceptible to this
>       vulnerability. Juniper Networks is not aware of any actual or
>       attempted exploit of this vulnerability.
> 
>       Solution: JUNOS software has been modified to address this
>       vulnerability. All versions of JUNOS software built on or after
>       January 22, 2005 contain the modified code. Software built
>       between January 6 and January 22 may contain the modified code,
>       depending on the specific JUNOS release.
> 
>       Solution Implementation: All customers are strongly encouraged
to
>       upgrade their software to a release that contains the modified
>       code. Pointers to software releases that contain the corrected
>       code can be found in the Related Links section below. Customers
>       can also contact the Juniper Networks Technical Assistance
Center
>       for download information.
> 
> If you have Junipers, run, do not walk, to get this addressed.
> 
> Pass this on.

Other related posts:

• » FW: [SPAM] - [mvpsectalk] RE: VERY serious Juniper router issue - Email found in subject

1. Home
2. isalist
3. Archive
4. 02-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---