JUNOS (Juniper) Flaw Exposes Core Routers to Kernel Crash

Number: AV10-002
Date: 08 January 2010

Purpose

The purpose of this advisory is to bring attention to a vulnerability which affects JUNOS (Juniper).

Assessment

Crafted packets containing malformed TCP header options can be sent by remote attackers which may crash Juniper kernels or cause JUNOS devices to reboot. JUNOS firewalls are unable to filter the malformed data.

CCIRC is not aware of any reports indicating that this vulnerability is being exploited, or that exploit code is available in the wild.

The vendor does not release vulnerability news publicly, but their advisory and updates are available to Juniper customers.

Affected versions include:
JUNOS 9.x
JUNOS 7.x
JUNOS 8.x

Devices with JUNOS later than 1/28/09 already have the fix.

Suggested Action

CCIRC recommends that administrators identify affected products, then test and apply patches or workaround as appropriate.

References:

http://securitytracker.com/alerts/2010/Jan/1023417.html
http://praetorianprefect.com/archives/2010/01/junos-juniper-flaw-exposes-core-routers-to-kernal-crash/
http://www.juniper.net/

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca