January 2005
Security Vulnerability in JUNOS Software (CERT/CC VU#409555)
ID: 00067
Ref: 05/2005
Date: 26 January 2005:16:19:19
Version: 1
Title: Security Vulnerability in JUNOS Software (CERT/CC VU#409555)
Abstract:
Vendors affected: Juniper
Operating systems affected: Juniper
Applications affected: Juniper
VU#409555 - Juniper unknown denial of service vulnerability
CVE: CAN-2004-0467
KEYWORDS:
Juniper
Unknown
denial of service
DoD
OVERVIEW
Juniper routers will become severely disrupted when attacked with specially-crafted network packets of an unknown type.
DESCRIPTION
Juniper routers running JUNOS have a vulnerability in which specially-crafted network packets can cause normal operation of affected routers to be severely disrupted.
According to Juniper's security bulletin PSN-2005-01-010:
This vulnerability could be exploited either by a directly attached
neighboring device or by a remote attacker that can deliver certain
packets to the router. Routers running vulnerable JUNOS software
are susceptible regardless of the router's configuration. It is
not possible to use firewall filters to protect vulnerable routers.
This vulnerability is specific to Juniper Networks routers running
JUNOS software. Routers that do not run JUNOS software are not
susceptible to this vulnerability. ...
This problem exists in all releases of JUNOS software built prior
to January 7, 2005.
US-CERT is aware that this issue affects M-series and T-series Juniper routers.
IMPACT
A remote, unauthenticated attacker may cause severe operational disruption to affected Juniper routers. Affected routers will suffer an effective denial of routing service when this vulnerability is exploited.
SOLUTION
Please see the vendor statement with relevant patches. Users registered at Juniper's support site should visit https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-009&actionBtn=Search
According to Juniper, it is not possible to use network filters to protect vulnerable routers. Vulnerable routers must be updated in order to effectively mitigate this vulnerability.
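Because filtering is not an option, triage comes down to build dates. The following is an added example, not part of the original advisory or Juniper's tooling: it sorts routers by the cut-offs in the vendor statement below (vulnerable if built before January 7, 2005; fixed if built on or after January 22, 2005). The "built by ... on YYYY-MM-DD" line shape, the hostnames, the release strings and taking the oldest component date are assumptions.

```python
import re
from datetime import date

# Cut-offs stated in Juniper bulletin PSN-2005-01-010.
VULNERABLE_BEFORE = date(2005, 1, 7)   # built prior to this date: vulnerable
FIXED_FROM = date(2005, 1, 22)         # built on or after this date: fixed

# Assumed line shape in collected version output:
#   "<component> ... built by <user> on YYYY-MM-DD HH:MM:SS UTC"
BUILD_RE = re.compile(r"built by \S+ on (\d{4})-(\d{2})-(\d{2})")


def classify_build(built):
    """Map one build date onto the bulletin's three windows."""
    if built < VULNERABLE_BEFORE:
        return "VULNERABLE"
    if built >= FIXED_FROM:
        return "FIXED"
    # January 7 to January 21: the fix depends on the specific release.
    return "CHECK_RELEASE"


def triage(version_output):
    """Classify a router by the oldest build date found (conservative)."""
    dates = []
    for y, m, d in BUILD_RE.findall(version_output):
        try:
            dates.append(date(int(y), int(m), int(d)))
        except ValueError:
            continue  # skip a malformed date rather than guess
    return classify_build(min(dates)) if dates else "UNKNOWN"


def triage_fleet(fleet):
    return {host: triage(output) for host, output in fleet.items()}


# Constructed sample inventory (hypothetical hosts, releases and timestamps).
SAMPLE = {
    "edge-1": "KERNEL 6.4R1.4 #0 built by builder on 2004-08-20 03:45:03 UTC\n"
              "MGD release 6.4R1.4 built by builder on 2004-08-20 03:50:11 UTC",
    "core-2": "KERNEL 7.0R2.7 #0 built by builder on 2005-01-14 02:10:40 UTC",
    "core-3": "KERNEL 7.1R1.3 #0 built by builder on 2005-02-11 05:31:09 UTC",
    "lab-4": "Hostname: lab-4\nModel: m10",  # no build line collected
}

if __name__ == "__main__":
    for host, verdict in sorted(triage_fleet(SAMPLE).items()):
        print(f"{host:8} {verdict}")
```

Routers reported as CHECK_RELEASE or UNKNOWN need to be checked against Juniper's Software Upgrade Roadmap before they are treated as fixed.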
VENDORS
Name: Juniper Networks
Status: Vulnerable
Date Notified: 1/26/2005
Statement:
Bulletin Number: PSN-2005-01-010
Title: Security Vulnerability in JUNOS Software (CERT/CC VU#409555)
Products Affected: All Juniper routers running JUNOS Software
Platforms Affected: JUNOS 5.x, JUNOS 6.x, JUNOS 7.x, Security
Issue:
Juniper Networks has identified a serious security issue within
our JUNOS Software.
This vulnerability could be exploited either by a directly attached
neighboring device or by a remote attacker that can deliver certain
packets to the router. Routers running vulnerable JUNOS software
are susceptible regardless of the router's configuration. It is
not possible to use firewall filters to protect vulnerable routers.
This vulnerability is specific to Juniper Networks routers running
JUNOS software. Routers that do not run JUNOS software are not
susceptible to this vulnerability. Juniper Networks is not aware
of any actual or attempted exploit of this vulnerability.
This problem exists in all releases of JUNOS software built prior
to January 7, 2005. Juniper Networks would like to thank Qwest
Communications and their Software Certification team for bringing
this issue to our attention.
Solution:
JUNOS software has been modified to address this vulnerability.
All versions of JUNOS software built on or after January 22, 2005
contain the modified code. Software built between January 7 and
January 22 may contain the modified code, depending on the
specific JUNOS release.
Solution Implementation:
All customers are strongly encouraged to upgrade their software to
a release that contains the modified code. Pointers to software
releases that contain the corrected code can be found in the Related
Links section below. Customers can also contact Juniper Networks'
Technical Assistance Center for download information.
Risk Level: High
Risk Assessment:
Both directly-attached and remote attackers can severely disrupt
normal operation of the routing platform.
CERT Addendum:
Related Links (available to registered Juniper customers only):
Juniper Security Bulletin PSN-2005-01-010
Title: Security Vulnerability in JUNOS Software (CERT/CC VU#409555)
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-010&actionBtn=Search
Software Upgrade Roadmap
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-009&actionBtn=Search
US-CERT is tracking this issue as VU#409555. CERT/CC has been notified by Juniper that they are tracking this issue internally under PR/8245. Please contact the Juniper Technical Assistance Center (JTAC) for more information:
http://www.juniper.net/support/requesting-support.html
mailto:support@juniper.net
+1-888-314-JTAC (within the United States, Canada, or Mexico)
+1-408-745-9500 (from other countries)
REFERENCES
CREDIT
Juniper has thanked the Qwest Communications Software Certification team for bringing this issue to their attention.
This document was written by Jeff S Havrilla.