
Security Bugs Bite Juniper, Cisco

Light Reading
News Analysis
1/28/2005

A vulnerability in Juniper Networks Inc. (Nasdaq: JNPR) router software had carriers scrambling to upgrade their networks early this week.

Juniper did not publicly disclose the flaw but did alert customers and posted a warning with the CERT Coordination Center (CERT/CC) at http://www.kb.cert.org/vuls/id/409555. Details of the bug are available on Juniper's Website, but only for the eyes of partners and customers.

Juniper is not commenting, "except to say that we have confirmed a security vulnerability in Junos and [that] a fix is available to our customers," a spokeswoman says.

The bug, discovered by the Qwest Communications International Inc. (NYSE: Q) software certification team, appears to affect all of Juniper's M- and T-series routers. Certain types of packets sent under certain conditions can cause a "severe operational disruption" that can be exploited to create a denial-of-service (DoS) attack, according to the CERT/CC warning. All versions of Junos software built before Jan. 7, 2005, are affected.

Juniper apparently issued a patch to cover the glitch, and reports on the North American Network Operators' Group (NANOG) mailing list said Tier 1 carriers were frantically upgrading their routers last weekend. A BellSouth Corp. (NYSE: BLS) spokesman noted that his company upgraded routers on its internal network and core network but added that no customers were affected by the glitch.

The problem goes to show that vulnerabilities can crop up in any software, no matter how carefully controlled the release process is. Unlike Cisco Systems Inc. (Nasdaq: CSCO), which supports multiple "trains" of its Internetwork Operating System (IOS), Juniper keeps all of its M- and T-series routers on the same version of the Junos software. Junos updates are released once per quarter, without exception; any features that aren't fully tested or debugged are put off until the next release.

As for Cisco, the company revealed this week that it had discovered three more glitches in IOS that could leave routers prone to DoS attacks. In each case, the problem affects only certain versions of IOS. The three latest discoveries are:

  • MPLS: If an interface not configured for MPLS receives an MPLS packet, the port could reset "and may take several minutes to become fully functional," the Cisco advisory reads. The problem goes away if every port has MPLS for IP enabled, or if MPLS traffic engineering is turned on. This glitch affects only a subset of Cisco's smaller routers, including the 2600, 2800, and 3800. Cisco's Catalyst line is unaffected, as are the 7200, 7500, and GSR 12000.
  • BGP: If a BGP neighbor change is logged, and a "malformed" BGP packet is in queue at the time, a reset could occur. This flaw affects any Cisco box running IOS with BGP configured.
  • IPv6: Cisco has discovered a processing flaw related to logical interfaces, such as IPv6-to-IPv4 tunnels. "Crafted" packets sent repeatedly across such an interface can trigger a system reload, according to the advisory.
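
An operator could audit saved configurations against the MPLS condition described above. The following is an added example, not code from Cisco or from the article: it assumes "MPLS for IP enabled" corresponds to the `mpls ip` interface command and "MPLS traffic engineering turned on" to the global `mpls traffic-eng tunnels` command, skips administratively shut-down ports, and runs over a constructed sample config.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-1
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
!
interface Serial0/0
 no ip address
 shutdown
!
router bgp 64512
 neighbor 192.0.2.2 remote-as 64513
!
end
"""

def parse_interfaces(config):
    """Return {interface_name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return interfaces

def global_te_enabled(config):
    """True if 'mpls traffic-eng tunnels' appears as a top-level command."""
    return any(l.rstrip() == "mpls traffic-eng tunnels"
               for l in config.splitlines())

def exposed_interfaces(config):
    """Active interfaces lacking 'mpls ip' on a box without global MPLS TE.

    Assumption: a port in 'shutdown' receives no packets and is skipped.
    """
    if global_te_enabled(config):
        return []
    return sorted(name for name, cmds in parse_interfaces(config).items()
                  if "mpls ip" not in cmds and "shutdown" not in cmds)
```

Whether a flagged device is actually affected still depends on its platform and IOS version, which the Cisco advisory lists.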


A Cisco spokesman notes the company doesn't typically comment on IOS glitches beyond what's mentioned in the security advisories, which are posted at http://www.cisco.com/en/US/products/products_security_advisories_listing.html.

— Craig Matsumoto, Senior Editor, Light Reading

Goeran
12/5/2012 | 3:28:19 AM
re: Security Bugs Bite Juniper, Cisco
"A memorandum of understanding has been signed and the two companies intend to sign a joint-distribution agreement."

What's the value of a "memorandum of understanding" in the networking world? Any insights?
Goeran
12/5/2012 | 3:28:19 AM
re: Security Bugs Bite Juniper, Cisco
"Marconi is set to announce a strategic tie-up with Huawei, China's biggest telecoms-equipment company. The deal, which is likely to be unveiled tomorrow, will enable the British group to sell its products in China and the rest of Asia, and will accelerate Huawei's aggressive international expansion."

source: http://china-netinvestor.blogs...
OldPOTS
12/5/2012 | 3:28:16 AM
re: Security Bugs Bite Juniper, Cisco
Both can begin the process to finalize negotiations and creating business structures.

It enables them to tell their customers about potentially new products from the deal and begins the process to share information. Generally both visit potential customers together, one with a lead sales, other marketing and tech person. This can start the sales process and the customer to view them as at least partnering to deliver needed products in the network vs competitor.

OldPOTS
Goeran
12/5/2012 | 3:28:16 AM
re: Security Bugs Bite Juniper, Cisco
"Both can begin the process to finalize negotiations and creating business structures.

It enables them to tell their customers about potentially new products from the deal and begins the process to share information. Generally both visit potential customers together, one with a lead sales, other marketing and tech person. This can start the sales process and the customer to view them as at least partnering to deliver needed products in the network vs competitor.

OldPOTS"

Thanks!