Juniper did not publicly disclose the flaw but did alert customers and posted a warning with the CERT Coordination Center (CERT/CC) at http://www.kb.cert.org/vuls/id/409555. Details of the bug are available on Juniper's Website, but only for the eyes of partners and customers.
Juniper is not commenting, "except to say that we have confirmed a security vulnerability in Junos and [that] a fix is available to our customers," a spokeswoman says.
The bug, discovered by the Qwest Communications International Inc. (NYSE: Q) software certification team, appears to affect all of Juniper's M- and T-series routers. Certain types of packets sent under certain conditions can cause a "severe operational disruption" that can be exploited to create a denial-of-service (DoS) attack, according to the CERT/CC warning. All versions of Junos software built before Jan. 7, 2005, are affected.
Juniper apparently issued a patch to cover the glitch, and reports on the North American Network Operators' Group (NANOG) mailing list said Tier 1 carriers were frantically upgrading their routers last weekend. A BellSouth Corp. (NYSE: BLS) spokesman noted that his company upgraded routers on its internal network and core network but added that no customers were affected by the glitch.
The problem goes to show that vulnerabilities can crop up in any software, no matter how carefully controlled the release process is. Unlike Cisco Systems Inc. (Nasdaq: CSCO), which supports multiple "trains" of its Internetwork Operating System (IOS), Juniper keeps all of its M- and T-series routers on the same version of the Junos software. Junos updates are released once per quarter, without exception; any features that aren't fully tested or debugged are put off until the next release.
As for Cisco, the company revealed this week that it had discovered three more glitches in IOS that could leave routers prone to DoS attacks. In each case, the problem affects only certain versions of IOS. The three latest discoveries are:
- MPLS: If an interface not configured for MPLS receives an MPLS packet, the port could reset "and may take several minutes to become fully functional," the Cisco advisory reads. The problem goes away if every port has MPLS for IP enabled, or if MPLS traffic engineering is turned on. This glitch affects only a subset of Cisco's smaller routers, including the 2600, 2800, and 3800. Cisco's Catalyst line is unaffected, as are the 7200, 7500, and GSR 12000.
- BGP: If a BGP neighbor change is logged, and a "malformed" BGP packet is in queue at the time, a reset could occur. This flaw affects any Cisco box running IOS with BGP configured.
- IPv6: Cisco has discovered a processing flaw related to logical interfaces, such as IPv6-to-IPv4 tunnels. "Crafted" packets sent repeatedly across such an interface can trigger a system reload, according to the advisory.
A Cisco spokesman notes the company doesn't typically comment on IOS glitches beyond what's mentioned in the security advisories, which are posted at http://www.cisco.com/en/US/products/products_security_advisories_listing.html.
— Craig Matsumoto, Senior Editor, Light Reading