Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Bugs Bite Juniper, Cisco

A vulnerability in Juniper Networks Inc. (Nasdaq: JNPR)
router software had carriers scrambling to upgrade their networks early this week.

Juniper did not publicly disclose the flaw but did alert customers and posted a warning with the CERT Coordination Center (CERT/CC) at http://www.kb.cert.org/vuls/id/409555. Details of the bug are available on Juniper's Website, but only for the eyes of partners and customers.

Juniper is not commenting, "except to say that we have confirmed a security vulnerability in Junos and [that] a fix is available to our customers," a spokeswoman says.

The bug, discovered by the Qwest Communications International Inc. (NYSE: Q) software certification team, appears to affect all of Juniper's M- and T-series routers. Certain types of packets sent under certain conditions can cause a "severe operational disruption" that can be exploited to create a denial-of-service (DOS) attack, according to the CERT/CC warning. All versions of Junos software built before Jan. 7, 2005, are affected.

Juniper apparently issued a patch to cover the glitch, and reports on the North American Network Operators' Group (NANOG) mailing list said Tier 1 carriers were frantically upgrading their routers last weekend. A BellSouth Corp. (NYSE: BLS) spokesman noted that his company upgraded routers on its internal network and core network but added that no customers were affected by the glitch.

  • 1