Greetings
Juniper has published PR839412, which describes a vulnerability that exists in all versions of JunOS since 7.6R1. A specially formed TCP packet directed to the router's RE (Routing Engine) may crash the kernel. Details about exactly what the TCP packet should be have not been provided. Currently there are no known public exploits.
To exploit the vulnerability, there is no need to set up a TCP session; one packet is enough, but this packet must be allowed by filters. That is, if the router listens on any TCP service (for example, BGP or SSH) and the attacker knows the IP addresses that are allowed in the filters, then in theory they can form a packet that will result in denial of service to the router.
There are two ways to close the vulnerability:
- Deny access to all TCP services, including BGP.
- Upgrade to the JunOS version in which the vulnerability is closed.
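
The first workaround expressed as a Junos configuration, as an added example that is not taken from Juniper's advisory or from this post. The filter, term and counter names are assumptions, and the filter covers IPv4 only.

```junos
/* Added example: drop every TCP packet addressed to the Routing Engine.
 * An input filter on lo0 is evaluated for all traffic destined to the RE,
 * whichever physical interface it arrived on. Transit traffic is not affected.
 * Names (protect-re, drop-all-tcp, re-tcp-dropped) are hypothetical.
 */
firewall {
    family inet {
        filter protect-re {
            /* No source-address match on purpose: a single packet is enough
             * and no session is needed, so a permit list of peer addresses
             * does not help once those addresses are known to the sender.
             */
            term drop-all-tcp {
                from {
                    protocol tcp;
                }
                then {
                    count re-tcp-dropped;   /* counter to watch for hits */
                    discard;
                }
            }
            /* Everything that is not TCP (OSPF, ICMP, SNMP over UDP, ...)
             * keeps working. Tighten this term to local policy as needed.
             */
            term allow-rest {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

With this filter applied, BGP sessions, SSH management and return traffic for TCP sessions opened by the router itself all stop working, which is the cost of the first option. If the RE is also reachable over IPv6, a separate `family inet6` filter is needed.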
Currently, the vulnerability is fixed in the following versions:
9.1R4 9.3R4 9.5R3 9.6R2 9.6R3 9.6R4 10.1R1 10.1R4 10.1R5 10.2R1 10.2R2 10.2R3 10.2R4 10.3R1 10.3R2 10.4R1 10.4R2 10.4R3 10.4R4 10.4R5 10.4R6 10.4R7 10.4R8 10.4R9 10.4R10 10.4R11 10.4R12 10.4R13 11.1R1 11.1R2 11.1R3 11.1R4 11.1R5 11.1R6 11.2R1 11.2R2 11.2R3 11.2R4 11.2R5 11.2R6 11.2R7 11.3R1 11.3R2 11.3R3 11.3R4 11.3R5 11.3R6 11.3R7 11.4R1 11.4R2 11.4R3 11.4R3-S1 11.4R3-S3 11.4R4 11.4R4-S2 11.4R5 11.4R5-S1 11.4R5-S3 11.4R6 11.4R7 12.1R1 12.1R2 12.1R2-S2 12.1R3 12.1R3-S1 12.1R4 12.1R5 12.2R1 12.2R1-S3 12.2R2 12.2R3
Get updated!