Juniper fixes router DoS vulnerability
Networking supplier Juniper has released an update to fix a DoS vulnerability in its routers. The vulnerability can reportedly be exploited to force a router reboot using specially crafted TCP packets. For a successful attack, the packet must include a specific combination of TPC options and must be addressed to a service that is running on the router. However, the first TCP packet sent apparently already triggers the flaw. A full 3-way handshake is not required. Transient packages which are only being forwarded don't cause the router to crash and reboot.
Since Juniper only makes advisories available to its customers and partners, no further details have officially become available. The independent "Praetorian Prefect" blog, however, offers information about the vulnerable versions. According to the blog, routers running JUNOS 9.x, 8.x or 7.x with a release date before the 28th of January 2009 are vulnerable. While versions 3.x, 4.x, 5.x and 6.x are also thought to be affected, these versions are no longer officially supported by the vendor.
No fully functional workaround apart from installing the update is said to be available – simply filtering TCP packets via the firewall is reportedly insufficient. Juniper recommends that customers implement anti-spoofing measures to detect packets with a bogus sender address. Various ISPs reportedly already updated their core routers at the beginning of January.