SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Juniper Junos Vendors:   Juniper
Juniper JUNOS/JUNOSe IKE Processing Lets Remote Users Deny Service
SecurityTracker Alert ID:  1015203
SecurityTracker URL:  http://securitytracker.com/id/1015203
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 14 2005
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Juniper's JUNOS and JUNOSe in the processing of IPSec Internet Key Exchange (IKE) packets. A remote user can cause denial of service conditions.

The University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec can be used to cause denial of service conditions on Juniper routers.

A remote user can send certain specially crafted ISAKMP Phase 1 packets to cause denial of service conditions. The specific impact was not disclosed.

Juniper JUNOS and JUNOSe are affected.

Juniper has assigned issue number CQ/68020 for JUNOSe and issue numbers PR/61076 and PR/61779 for JUNOS to these vulnerabilities.

The original advisory from CERT-FI and NISCC is available at:

http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued fixed versions for JUNOSe software: 5-2-4p0-8, 5-2-5, 5-3-4p0-5, 6-0-2p0-5, 6-0-3, 6-1-1p0-7, 6-1-2, 7-0-0p0-1, 7-0-1, 7-1-0.

The vendor has issued a fixed version for JUNOS software: Releases 6.4 and later releases built on or after July 28, 2005.

[Editor's note: The vendor has or plans to issue bulletin PSN-2005-11-007 regarding this vulnerability. However, the bulletin was not available on the vendor's web site at the time of this entry.

Vendor URL:  www.juniper.net/ (Links to External Site)
Cause:   Exception handling error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC