Educause Security Discussion mailing list archives

Juniper router issue


From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Fri, 14 Mar 2003 09:25:02 -0500

Some of you who are close to your network engineers (or ARE your network
engineers) may have seen this alert from Juniper.  We've been discussing
their release of this information for a couple of days...

The first item is a general notification that we helped them write, and
the second is the email they sent to their customers.  At the URL they
cite, which requires a login, there is very specific technical detail
about what specifically will crash the routers.

M.

-- 
Mark S. Bruhn, CISSP

Chief IT Security and Policy Officer
Interim Director, Research and Higher Education Information Sharing and
Analysis Center

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu

Juniper routers which route IPv6 and are running JUNOS releases built
before January 6, 2003 are vulnerable to an IPv6 packet with a specific
next-header value which can crash the router.  The packet contains an
unsupported value in the next-header field of the IPv6 header which may
result in a kernel crash, which will cause the router to reboot.  The
router still forwards the packet towards its destination which could
cause other intermediate routers to crash.

The Abilene network discovered this problem on February 24th when five
of their core routers crashed between 12:30 and 13:00 EST.  We are aware
of a provider in Japan and a provider in Europe who saw the same problem
at approximately the same time.  This leads us to believe the packet
that caused this incident had a source and destination in Europe and
Asia.  There is no indication that this was done intentionally.

Juniper was unaware of this particular bug until it was encountered by
Abilene.  Upon further investigation and testing, Juniper determined a
fix put in place for a related matter alleviated this issue as well.
This fix is provided in a currently available version of code (either
5.5R3 or 5.6R2) and there is a workaround available for prior releases
of code.


Date: Thu, 13 Mar 2003 10:48:43 -0800 (PST)
From: pa-admin () juniper net
To: XXXX () iu edu
Subject: New Juniper Technical Bulletin - PSN-2003-03-002

The Juniper Networks Technical Assistance Center (JTAC) announces the
following Technical Bulletin that is available on our Customer Support
Center website.

You will need a valid login ID on www.juniper.net in order to view the
full description.

Technical Bulletin Subject: Incorrect parsing of IPv6 packets may cause
the kernel to panic

Detailed information can be found at the following URL (login required):
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2003-03-002&actionBtn=Search

If you do not have a valid login ID, you can submit your application at
the following URL:
http://www.juniper.net/gainaccess.htm

NOTE: A Technical Bulletin is a formal notice regarding critical and/or
potentially service-affecting hardware and software product issues. The
Technical Bulletin process allows the proactive communication of
pertinent information to both customers and partners.

For further information, please contact the Juniper Technical Assistance
Center (JTAC) by e-mail at support () juniper net, or by phone:

(888) 314-JTAC (within the US)
+1 408-745-2121 (outside the US)

If you have any questions about the review or its process, please email
mailto:pa-admin () juniper net.

If you would like to Edit your Alert Preferences and/or Unsubscribe
yourself from this mailing list please go to the below URL:
http://www.juniper.net/alerts/subscribe.jsp?actionBtn=Modify



**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.
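
Added example, not part of the original message or of Juniper's bulletin: a bounds-checked walk of the IPv6 next-header chain in which any value the parser does not handle is a clean reject rather than a fault, the failure mode the notification above describes. The function names, the set of handled values and the sample packet are assumptions made for illustration; the value 253 (reserved for experimentation) stands in for an unsupported value, since the message does not give the one from the bulletin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum nh_verdict { NH_OK, NH_UNSUPPORTED, NH_MALFORMED };

/* Walk the IPv6 next-header chain; every read is bounds-checked and any
 * value not handled here is a clean NH_UNSUPPORTED (drop the packet). */
enum nh_verdict ipv6_walk(const uint8_t *p, size_t len, uint8_t *last_nh)
{
    size_t off = 40, ext;
    if (!p || !last_nh || len < 40 || (p[0] >> 4) != 6)
        return NH_MALFORMED;
    uint8_t nh = p[6];                  /* next-header byte, fixed header */
    for (int i = 0; i < 16; i++) {      /* cap the chain length */
        *last_nh = nh;
        switch (nh) {
        case 6: case 17: case 50: case 58: case 59:
            return NH_OK;               /* TCP, UDP, ESP, ICMPv6, none */
        case 0: case 43: case 44: case 51: case 60:
            if (len - off < 8)
                return NH_MALFORMED;    /* truncated extension header */
            if (nh == 44)      ext = 8;                             /* Fragment */
            else if (nh == 51) ext = ((size_t)p[off + 1] + 2) * 4;  /* AH */
            else               ext = ((size_t)p[off + 1] + 1) * 8;  /* HbH, Routing, DestOpts */
            if (ext > len - off)
                return NH_MALFORMED;    /* length field points past the buffer */
            nh = p[off];
            off += ext;
            break;
        default:
            return NH_UNSUPPORTED;      /* unknown value: reject, never crash */
        }
    }
    return NH_MALFORMED;                /* chain too long */
}

/* Constructed sample packet: fixed header, optional 8-byte Hop-by-Hop
 * header, then next-header value nh; trim cuts bytes off the end. */
enum nh_verdict sample_verdict(uint8_t nh, int with_hbh, size_t trim)
{
    uint8_t pkt[48] = {0}, last = 0;
    pkt[0] = 0x60;                      /* version 6 */
    pkt[6] = with_hbh ? 0 : nh;
    pkt[40] = nh;                       /* Hop-by-Hop next header; length byte 0 = 8 bytes */
    return ipv6_walk(pkt, (with_hbh ? 48u : 40u) - trim, &last);
}

int main(void) { printf("%d %d\n", sample_verdict(6, 0, 0), sample_verdict(253, 1, 0)); return 0; }
```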
