Only "hardware" is secure :) > Hello all, > > Those who have Juniper routers should know there is a VERY serious > vulnerability that Juniper has issued a patch for. I'm reliably told > that it's VERY serious and that last Friday the Tier 1 providers were > in a frantic race to get the patch installed. They were willing do > down parts of the internet backbone *in the middle of the day* because > of this. > > http://www.kb.cert.org/vuls/id/409555 > > My reliable source tells me: > > "only a few people at Juniper, DHS, DOE, and an unmentionable ISP > know the whole details" > and > "the engineer we spoke to said when the advisory comes out, which is > very soon, they expect a 30 minute turn-around for an exploit" > > If you have a valid login on the Juniper support site, you can get > info on the patch (but not the vuln itself): > > http://tinyurl.com/4h9fo > > PSN Issue : Juniper Networks has identified a serious security > vulnerability within our JUNOS Software. > > This vulnerability could be exploited either by a directly- > attached neighboring device or by a remote attacker that > can deliver certain packets to the router. Routers running > vulnerable JUNOS software are susceptible regardless of the > router's configuration. It is not possible to use firewall > filters to protect vulnerable routers. > > This vulnerability is specific to Juniper Networks routers running > JUNOS software releases built prior to January 6, 2005. Routers > that do not run JUNOS software are not susceptible to this > vulnerability. Juniper Networks is not aware of any actual or > attempted exploit of this vulnerability. > > Solution: JUNOS software has been modified to address this > vulnerability. All versions of JUNOS software built on or after > January 22, 2005 contain the modified code. Software built > between January 6 and January 22 may contain the modified code, > depending on the specific JUNOS release. > > Solution Implementation: All customers are strongly encouraged to > upgrade their software to a release that contains the modified > code. Pointers to software releases that contain the corrected > code can be found in the Related Links section below. Customers > can also contact the Juniper Networks Technical Assistance Center > for download information. > > If you have Junipers, run, do not walk, to get this addressed. > > Pass this on.