Security flaw in Juniper's JunOS can be used to crash routers

Powered by SC Magazine

Crafted packets roger routers.

A serious flaw in the operating system running Juniper routers can make them crash and reboot, the network equipment vendor has advised.

By sending a specially crafted transmission control protocol (TCP) packet to a listening port on a Juniper Routing Engine, it's possible to make the kernel in JunOS crash, and cause them to swich over or reboot.

The chief technical officer at New Zealand ISP and Juniper Elite partner Snap Internet, Sam Brock-Smith labelled the flaw "nasty".

"It has the potential to crash or lock up core Juniper routers," Brock-Smith said.

Snap Internet uses Juniper switches and routers extensively on its national network and at overseas locations, Brock-Smith said, adding that the provider's engineering team is working with the Juniper Technical Assistance Centre (JTAC) to ensure it is protected against the vulnerability.


Juniper T4000. Source: vendor

While specific details of what triggers the flaw weren't given, versions of JunOS older than January 17 are affected, Juniper said, with newer ones containing a fix for the problem.

A Juniper spokesperson confirmed the vulnerability to iTnews.

"During routine internal product testing, Juniper discovered a potential TCP vulnerability that affects certain releases of JunOS software," the spokesperson said.

"The Juniper Networks Security Incident Response Team (SIRT) is not aware of any malicious exploitation of this vulnerability.

"We are encouraging our customers to contact Juniper's Customer Support Center for a detailed advisory and solution implementation."

The spokesperson said the vendor was "committed to the responsible disclosure of security vulnerabilities."

Apart from getting a fixed version of JunOS, Juniper suggests in an advisory using access lists or firewall filters for the routers, deployed on both the edge and control plane, and source address anti-spoofing to prevent traffic from bogus addresses reaching the devices.

Unicast reverse path forwarding — which checks if the IP address in a packet is reachable and if not, drops it —  can also be utilised to mitigate against the attack, together with RFC 3682 time-to-live security.

Juniper had approximately 20 percent of the router and switch market in 2012, according to a Bloomberg report.

Update, 5/2: A spokesperson told iTnews that "fixes are available for all affected platforms."

Copyright © . All rights reserved.

Security flaw in Juniper's JunOS can be used to crash routers
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
Sign up to receive iTnews email bulletins
Latest Comments
In which area is your IT shop hiring the most staff?

   |   View results
IT security and risk
Sourcing and strategy
IT infrastructure (servers, storage, networking)
End user computing (desktops, mobiles, apps)
Software development

Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results