Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2005.0081 -- US-CERT VU#409555 Juniper Unknown Denial of Service Vulnerability 27 January 2005 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: all Juniper routers running JUNOS Publisher: US-CERT Operating System: JUNOS 5.x, 6.x, 7.x Impact: Denial of Service Access: Remote/Unauthenticated CVE Names: CAN-2004-0467 Original Bulletin: http://www.kb.cert.org/vuls/id/409555 - --------------------------BEGIN INCLUDED TEXT-------------------- OVERVIEW Juniper routers will become severely disrupted when attacked with specially-crafted network packets of an unknown type. I. DESCRIPTION Juniper routers running JUNOS have a vulnerability in which specially-crafted network packets can cause normal operation of affected routers to be severely disrupted. According to Juniper's security bulletin PSN-2005-01-010: This vulnerability could be exploited either by a directly attached neighboring device or by a remote attacker that can deliver certain packets to the router. Routers running vulnerable JUNOS software are susceptible regardless of the router's configuration. It is not possible to use firewall filters to protect vulnerable routers. This vulnerability is specific to Juniper Networks routers running JUNOS software. Routers that do not run JUNOS software are not susceptible to this vulnerability. ... This problem exists in all releases of JUNOS software built prior to January 7, 2005. US-CERT is aware this issue is known to affect M-series & T-series Juniper routers. II. IMPACT A remote, unauthenticated attacker may cause severe operational disruption to affected Juniper routers. Affected routers will suffer an effective denial of routing service when this vulnerability is exploited. III. SOLUTION Please see the vendor statement with relevant patches. Users registered at Juniper's support site should visit https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-009&actionBtn=Search According to Juniper, it is not possible to use network filters to protect vulnerable routers. Vulnerable routers must be updated in order to effectively mitigate this vulnerability. CREDIT Juniper has thanked Qwest Communication Software Certification team for bringing this issue to their attention. This document was written by Jeff S Havrilla. - ------------------------------------------------------------------------------- Juniper Networks Information for VU#409555 ========================================== Bulletin Number: PSN-2005-01-010 Title: Security Vulnerability in JUNOS Software (CERT/CC VU#409555) Products Affected: All Juniper routers running JUNOS Software Platforms Affected: JUNOS 5.x, JUNOS 6.x, JUNOS 7.x, Security Issue: Juniper Networks has identified a serious security issue within our JUNOS Software. This vulnerability could be exploited either by a directly attached neighboring device or by a remote attacker that can deliver certain packets to the router. Routers running vulnerable JUNOS software are susceptible regardless of the router's configuration. It is not possible to use firewall filters to protect vulnerable routers. This vulnerability is specific to Juniper Networks routers running JUNOS software. Routers that do not run JUNOS software are not susceptible to this vulnerability. Juniper Networks is not aware of any actual or attempted exploit of this vulnerability. This problem exists in all releases of JUNOS software built prior to January 7, 2005. Juniper Networks would like to thank Qwest Communications and their Software Certification team for bringing this issue to our attention. Solution: JUNOS software has been modified to address this vulnerability. All versions of JUNOS software built on or after January 22, 2005 contain the modified code. Software built between January 7 and January 22 may contain the modified code, depending on the specific JUNOS release. Solution Implementation: All customers are strongly encouraged to upgrade their software to a release that contains the modified code. Pointers to software releases that contain the corrected code can be found in the Related Links section below. Customers can also contact Juniper Network's Technical Assistance Center for download information. Risk Level: High Risk Assessment: Both directly-attached and remote attackers can severely disrupt normal operation of the routing platform. CERT Addendum: Related Links (available to registered Juniper customers only): Juniper Security Bulletin PSN-2005-01-010 Title: Security Vulnerability in JUNOS Software (CERT/CC VU#409555) https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-010&actionBtn=Search Software Upgrade Roadmap https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-009&actionBtn=Search US-CERT is tracking this issue as VU#409555. CERT/CC has been notified by Juniper that they are tracking this issue internally under PR/8245. Please contact the Juniper Technical Assistance Center (JTAC) for more information: http://www.juniper.net/support/requesting-support.html mailto:support@juniper.net +1-888-314-JTAC (within the United States, Canada, or Mexico) +1-408-745-9500 (from other countries) - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQfhDryh9+71yA2DNAQJb9wQAliVqFoQO0JLWrGr56nfeutGZpbSV7kRo EBStyRPMabM1sBU6dEEvuh50Y/Y3uFC1wDU5p85HyV200PXsZXyCD2Cp3XBfzic5 cO2y2+KJDf+UAVsDg2In7kHGuC/ajNAU8PMQvFg5iTsHlBGLhxGrJWSPgb+vqjpM 4pFOM//ngOI= =aVzx -----END PGP SIGNATURE-----