Date: 27 January 2005
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2005.0081 -- US-CERT VU#409555
Juniper Unknown Denial of Service Vulnerability
27 January 2005
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: all Juniper routers running JUNOS
Publisher: US-CERT
Operating System: JUNOS 5.x, 6.x, 7.x
Impact: Denial of Service
Access: Remote/Unauthenticated
CVE Names: CAN-2004-0467
Original Bulletin: http://www.kb.cert.org/vuls/id/409555
- --------------------------BEGIN INCLUDED TEXT--------------------
OVERVIEW
Juniper routers will become severely disrupted when attacked with
specially-crafted network packets of an unknown type.
I. DESCRIPTION
Juniper routers running JUNOS have a vulnerability in which specially-crafted
network packets can cause normal operation of affected routers to be severely
disrupted.
According to Juniper's security bulletin PSN-2005-01-010:
This vulnerability could be exploited either by a directly attached
neighboring device or by a remote attacker that can deliver certain
packets to the router. Routers running vulnerable JUNOS software
are susceptible regardless of the router's configuration. It is
not possible to use firewall filters to protect vulnerable routers.
This vulnerability is specific to Juniper Networks routers running
JUNOS software. Routers that do not run JUNOS software are not
susceptible to this vulnerability. ...
This problem exists in all releases of JUNOS software built prior
to January 7, 2005.
US-CERT is aware this issue is known to affect M-series & T-series Juniper
routers.
II. IMPACT
A remote, unauthenticated attacker may cause severe operational disruption
to affected Juniper routers. Affected routers will suffer an effective denial
of routing service when this vulnerability is exploited.
III. SOLUTION
Please see the vendor statement with relevant patches. Users registered at
Juniper's support site should visit
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-009&actionBtn=Search
According to Juniper, it is not possible to use network filters to protect
vulnerable routers. Vulnerable routers must be updated in order to effectively
mitigate this vulnerability.
CREDIT
Juniper has thanked Qwest Communication Software Certification team for
bringing this issue to their attention.
This document was written by Jeff S Havrilla.
- -------------------------------------------------------------------------------
Juniper Networks Information for VU#409555
==========================================
Bulletin Number: PSN-2005-01-010
Title: Security Vulnerability in JUNOS Software (CERT/CC VU#409555)
Products Affected: All Juniper routers running JUNOS Software
Platforms Affected: JUNOS 5.x, JUNOS 6.x, JUNOS 7.x, Security
Issue:
Juniper Networks has identified a serious security issue within
our JUNOS Software.
This vulnerability could be exploited either by a directly attached
neighboring device or by a remote attacker that can deliver certain
packets to the router. Routers running vulnerable JUNOS software
are susceptible regardless of the router's configuration. It is
not possible to use firewall filters to protect vulnerable routers.
This vulnerability is specific to Juniper Networks routers running
JUNOS software. Routers that do not run JUNOS software are not
susceptible to this vulnerability. Juniper Networks is not aware
of any actual or attempted exploit of this vulnerability.
This problem exists in all releases of JUNOS software built prior
to January 7, 2005. Juniper Networks would like to thank Qwest
Communications and their Software Certification team for bringing
this issue to our attention.
Solution:
JUNOS software has been modified to address this vulnerability.
All versions of JUNOS software built on or after January 22, 2005
contain the modified code. Software built between January 7 and
January 22 may contain the modified code, depending on the
specific JUNOS release.
Solution Implementation:
All customers are strongly encouraged to upgrade their software to
a release that contains the modified code. Pointers to software
releases that contain the corrected code can be found in the Related
Links section below. Customers can also contact Juniper Network's
Technical Assistance Center for download information.
Risk Level: High
Risk Assessment:
Both directly-attached and remote attackers can severely disrupt
normal operation of the routing platform.
CERT Addendum:
Related Links (available to registered Juniper customers only):
Juniper Security Bulletin PSN-2005-01-010
Title: Security Vulnerability in JUNOS Software (CERT/CC VU#409555)
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-010&actionBtn=Search
Software Upgrade Roadmap
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-009&actionBtn=Search
US-CERT is tracking this issue as VU#409555. CERT/CC has been notified by
Juniper that they are tracking this issue internally under PR/8245. Please
contact the Juniper Technical Assistance Center (JTAC) for more information:
http://www.juniper.net/support/requesting-support.html
mailto:support@juniper.net
+1-888-314-JTAC (within the United States, Canada, or Mexico)
+1-408-745-9500 (from other countries)
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQfhDryh9+71yA2DNAQJb9wQAliVqFoQO0JLWrGr56nfeutGZpbSV7kRo
EBStyRPMabM1sBU6dEEvuh50Y/Y3uFC1wDU5p85HyV200PXsZXyCD2Cp3XBfzic5
cO2y2+KJDf+UAVsDg2In7kHGuC/ajNAU8PMQvFg5iTsHlBGLhxGrJWSPgb+vqjpM
4pFOM//ngOI=
=aVzx
-----END PGP SIGNATURE-----
|