Information Security News mailing list archives
Easily spoofed traffic can crash routers, Juniper warns
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 8 Jan 2010 04:47:48 -0600 (CST)
http://www.theregister.co.uk/2010/01/07/juniper_critical_router_bug/ By Dan Goodin in San Francisco The Register 7th January 2010 Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic. In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue. "The Junos kernel will crash (i.e. core) when a specifically crafted TCP option is received on a listening TCP port," the bulletin, which was issued by Juniper's technical assistance center, stated. "The packet cannot be filtered with Junos's firewall filter. A router receiving this specific TCP packet will crash and reboot." There are "no totally effective workarounds," the bulletin added. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.org
Current thread:
- Easily spoofed traffic can crash routers, Juniper warns InfoSec News (Jan 08)