Crafty Packets PWN Juniper Routers

"Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.

"In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue.

"`The Junos kernel will crash (i.e. core) when a specifically crafted TCP option is received on a listening TCP port,` the bulletin, which was issued by Juniper's technical assistance center, stated. `The packet cannot be filtered with Junos's firewall filter. A router receiving this specific TCP packet will crash and reboot.`

"There are `no totally effective workarounds,` the bulletin added."

More at The Register...