Juniper JUNOS Unspecified Packet Processing Error Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1013039 |
|
SecurityTracker URL: http://securitytracker.com/id/1013039
|
|
CVE Reference:
CAN-2004-0467
(Links to External Site)
|
Date: Jan 30 2005
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): JUNOS 5.x, JUNOS 6.x, JUNOS 7.x
|
Description:
A vulnerability was reported in Juniper's JUNOS router software. A remote user can cause denial of service conditions.
A remote user can send specially crafted packets to the target device to disrupt normal router operations.
The vendor characterizes the flaw as 'serious' and indicates that firewall filters cannot protect a vulnerable device.
A versions built prior to January 7, 2005 are affected and some versions built prior to January 22, 2005 are affected.
The vendor credits Qwest Communications with reporting this flaw.
|
Impact:
A remote user can disrupt normal router operations.
|
Solution:
The vendor has released fixed versions, described at:
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-010&actionBtn=Search
All versions of JUNOS software built on or after January 22, 2005 include the fix.
|
Vendor URL: www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-010&actionBtn=Search (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sun, 30 Jan 2005 17:19:43 -0500
Subject: [none]
|
Bulletin Number: PSN-2005-01-010
Title: Security Vulnerability in JUNOS Software (CERT/CC VU#409555)
Products Affected: All Juniper routers running JUNOS Software
Platforms Affected: JUNOS 5.x, JUNOS 6.x, JUNOS 7.x, Security
Issue:
Juniper Networks has identified a serious security issue within
our JUNOS Software.
This vulnerability could be exploited either by a directly attached
neighboring device or by a remote attacker that can deliver certain
packets to the router. Routers running vulnerable JUNOS software
are susceptible regardless of the router's configuration. It is
not possible to use firewall filters to protect vulnerable routers.
This vulnerability is specific to Juniper Networks routers running
JUNOS software. Routers that do not run JUNOS software are not
susceptible to this vulnerability. Juniper Networks is not aware
of any actual or attempted exploit of this vulnerability.
This problem exists in all releases of JUNOS software built prior
to January 7, 2005. Juniper Networks would like to thank Qwest
Communications and their Software Certification team for bringing
this issue to our attention.
Solution:
JUNOS software has been modified to address this vulnerability.
All versions of JUNOS software built on or after January 22, 2005
contain the modified code. Software built between January 7 and
January 22 may contain the modified code, depending on the
specific JUNOS release.
Solution Implementation:
All customers are strongly encouraged to upgrade their software to
a release that contains the modified code. Pointers to software
releases that contain the corrected code can be found in the Related
Links section below. Customers can also contact Juniper Network's
Technical Assistance Center for download information.
Risk Level: High
Risk Assessment:
Both directly-attached and remote attackers can severely disrupt
normal operation of the routing platform.
Juniper Security Bulletin PSN-2005-01-010
Title: Security Vulnerability in JUNOS Software (CERT/CC VU#409555)
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-010&actionBtn=Search
|
|
