JUNOS TCP Option Processing Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1023417 |
|
SecurityTracker URL: http://securitytracker.com/id/1023417
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Updated: Jan 8 2010
|
Original Entry Date: Jan 7 2010
|
Impact:
Denial of service via network
|
Vendor Confirmed: Yes
|
Version(s): 7.x, 8.x, 9.x
|
Description:
A vulnerability was reported in JUNOS. A remote user can cause denial of service conditions.
A remote user can send a single TCP packet with a specially crafted TCP field option value to a listening port on the target device to cause the target device to crash.
[Editor's note: Juniper no longer makes vulnerability reports public.]
|
Impact:
A remote user can cause the target device to crash.
|
Solution:
The vendor has issued an advisory, available to customers. See vendor bulletin number PSN-2010-01-623.
Builds dated January 28, 2009 and later include the fix.
[Editor's note: The vulnerability was corrected about a year ago but apparently was not considered to be security relevant at the time. The security relevance was just recently identified.]
|
Vendor URL: www.juniper.net/ (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 07 Jan 2010 18:47:37 +0000
Subject: Juniper JUNOS
|
http://isc.sans.org/diary.html?n&storyid=7909
|
|
