Critical vulnerability in all versions of JunOS since 7.6R1
Greetings,
Juniper has published PR839412, which describes a vulnerability that exists in all versions of JunOS since 7.6R1. A specially crafted TCP packet aimed at the router's RE (Routing Engine) can lead to a kernel crash. Details about exactly what the TCP packet should be are not provided. There are currently no known public exploits.
Exploiting the vulnerability does not require an established TCP session: a single packet is enough, but that packet must be allowed by the filters. That is, if the router listens on any TCP service (for example BGP or SSH) and the attacker knows the IP addresses that the filters allow, he can theoretically craft a packet that causes a denial of service on the router.
There are two ways to close the vulnerability:
- Deny access to all TCP services, including BGP.
- Upgrade to the JunOS version in which the vulnerability is closed.
The vulnerability is currently fixed in the following versions:
9.1R4 9.3R4 9.5R3 9.6R2 9.6R3 9.6R4 10.1R1 10.1R4 10.1R5 10.2R1 10.2R2 10.2R3 10.2R4 10.3R1 10.3R2 10.4R1 10.4R2 10.4R3 10.4R4 10.4R5 10.4R6 10.4R7 10.4R8 10.4R9 10.4R10 10.4R11 10.4R12 10.4R13 11.1R1 11.1R2 11.1R3 11.1R4 11.1R5 11.1R6 11.2R1 11.2R2 11.2R3 11.2R4 11.2R5 11.2R6 11.2R7 11.3R1 11.3R2 11.3R3 R5 11.3R6 11.3R7 11.4R1 11.4R2 11.4R3 11.4R3-S1 11.4R3-S3 11.4R4 11.4R4-S2 11.4R5 11.4R5-S1 11.4R5-S3 11.4R6 11.4R7 12.1R1 12.1R2 12.1R2-S2 12.1R3 12.1R3-S1 12.1R4 12.1R5 12.2R1 12.2R1-S3 12.2R2 12.2R3
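The first workaround above, sketched as a JunOS configuration. This is an added example, not taken from Juniper's PR or from the original post. It sets a common RE protection filter, which still lets TCP from "trusted" sources reach the RE, beside the term that discards all TCP. The filter, term, counter and prefix-list names and the addresses are constructed placeholders.

```junos
# Constructed example; all names and addresses below are hypothetical.

# --- Common RE filter: still exposed ---------------------------------------
# TCP is accepted when the source address is on an allow list, so a single
# packet carrying one of these source addresses still reaches the RE.
set policy-options prefix-list BGP-PEERS 192.0.2.1/32
set policy-options prefix-list MGMT-HOSTS 198.51.100.0/24
set firewall family inet filter PROTECT-RE term bgp from source-prefix-list BGP-PEERS
set firewall family inet filter PROTECT-RE term bgp from protocol tcp
set firewall family inet filter PROTECT-RE term bgp from port bgp
set firewall family inet filter PROTECT-RE term bgp then accept
set firewall family inet filter PROTECT-RE term ssh from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term ssh from protocol tcp
set firewall family inet filter PROTECT-RE term ssh from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh then accept
set firewall family inet filter PROTECT-RE term other-tcp from protocol tcp
set firewall family inet filter PROTECT-RE term other-tcp then discard
set firewall family inet filter PROTECT-RE term rest then accept

# --- Workaround: no TCP at all reaches the RE -------------------------------
# The new term must be evaluated first, otherwise the accept terms above win.
set firewall family inet filter PROTECT-RE term no-tcp from protocol tcp
set firewall family inet filter PROTECT-RE term no-tcp then count re-tcp-dropped
set firewall family inet filter PROTECT-RE term no-tcp then discard
insert firewall family inet filter PROTECT-RE term no-tcp before term bgp

# The lo0 input filter applies to traffic destined for the RE, whichever
# interface it arrives on.
set interfaces lo0 unit 0 family inet filter input PROTECT-RE

# This drops BGP sessions and SSH management, so apply it from the console.
# "commit confirmed" rolls back automatically unless confirmed within 5 minutes.
commit confirmed 5
```

With the `no-tcp` term in place, the `re-tcp-dropped` counter in `show firewall filter PROTECT-RE` shows how much TCP is still being sent to the RE.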
Update!