[SA21003] Juniper Networks JUNOS IPv6 Packet Handling Denial of Service

Les derniers commentaires publiés sur SecuObs (1-5):

- ESRT @wireheadlance - How to secure a Cisco router - Device Fingerprinting to Fight Real-time Transaction Fraud - Penetrating Intranets through Adobe Flex Applications - Updated the OWASP Fuzzing Code Database - ESRT @jcran - how to convert a NASL check to a NeXpose check Les derniers commentaires publiés sur SecuObs (6-25) Tous les commentaires publiés sur SecuObs avant les 5 derniers

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA21003] Juniper Networks JUNOS IPv6 Packet Handling Denial of Service

Hardcore Disassembler / Reverse Engineer Reversing must be a passion as your skills will be challenged on a daily basis and you will be working several hours everyday in IDA, Ollydbg, and with BinDiff. Often, it is also required that you write a PoC or even a working exploit to prove that an issue is exploitable.

link://[click]

TITLE: Juniper Networks JUNOS IPv6 Packet Handling Denial of Service

SECUNIA ADVISORY ID: SA21003

VERIFY ADVISORY: link://[click]

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: From remote

OPERATING SYSTEM: JUNOS 6.x link://[click] JUNOS 7.x link://[click] JUNOS 8.x link://[click]

DESCRIPTION: A vulnerability has been reported in the M-series, T-series, and J-Series routers, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when freeing memory after receiving certain IPv6 packets. This can be exploited to cause a exhaust available memory by sending specially crafted IPv6 packets to the vulnerable router.

Successful exploitation crashes the router.

The vulnerability has been reported for routers using a version of the JUNOS Internet Software built before 2006-05-10.

SOLUTION: Apply an updated version of the JUNOS software.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: link://[click] link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA21015] Mambo PccookBook Component File Inclusion Vulnerability
Suivant par Date: [SA20984] Network Appliance Data ONTAP Security Bypass Vulnerability
Precedent par fil : [SA21015] Mambo PccookBook Component File Inclusion Vulnerability
Suivant par fil : [SA20984] Network Appliance Data ONTAP Security Bypass Vulnerability
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires publiés sur SecuObs (6-25):

- The New Disclosure Debate and the Evil Mr. Moore - Charlie Miller Will Expose 20 Hackable Apple Security Flaws - Digital Forensics Framework v0.5 released - OSSIM v2.2 Multiple Vulnerabilities - Virtual PC Hypervisor Memory Protection Vulnerability - Virtual machines being used to obfuscate malware - Implement the SSH-2 protocol in pure Java - Video : ESRT @securityshell - Nessus Scan through a Meterpreter Session - ESRT @Jhaddix Man-Just-Left-of-Middle MJLM XSS Phishing Attack Tool - An Analysis of the Skype IMBot Logic and Functionality - sipwitch 0.7.3 - Saint Vulnerability Scanner v7.3 on the wild - JBroFuzz 2.0 Fuzzer Released - Metasploit Oracle Windows - Detecting USB Storage Usage with OSSEC - Vulnerability in phpAdsNew, OpenAds and OpenX - ESRT @devilok - Buck Security - Collection of security checks for Linux - WhatWeb v0.4 - released - SQLmap 0.8 has been Released - Video : Discovering CSRF with OWASP's CSRFTester Tool Les cinq derniers commentaires publiés sur SecuObs Tous les commentaires publiés sur SecuObs avant les 25 derniers

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, microsoft, réseau, attaque, outil, vulnérabilité, audit, système, virus, internet, données, présentation, metasploit, linux, bluetooth, protocol, vista, scanner, réseaux, shell, engineering, rootkit, paquet, conférence, trames, wishmaster, téléphone, source, sysun, noyau, mobile, https, mémoire, rapport, botnet, téléphones, libre, reverse, navigateur, patch, snort, scapy, intel + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA38986 Red Hat update for cpio - SA38936 Red Hat update for cpio - SA39002 Fedora update for viewvc - SA38923 Red Hat update for cpio - SA38997 Web Wiz Forums Cross-Site Request Forgery + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e). - Re: Full-disclosure SecurityFocus to partially shut down - Full-disclosure Wordpad Command line argument vulnerability is it known ? - Full-disclosure Decrypting MPPE / PPTP network traffic - Full-disclosure USN-914-1 Linux kernel vulnerabilities + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- Miranda IM silent TLS failure - Vulnerabilities in VXDate for Joomla - CORELAN-10-13 - Windisc Local Stack BOF - security bulletin HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code - CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability - CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

vmware, security, virus, biometric, windows, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux, network, iphone, server, exploit, conficker, wimax, virtu, virtual, engineering, reverse, cisco, shmoocon, ettercap, wireshark, hacker, firewall, internet, knoppix, rootkit, arduino, source, wireless, conference, backtrack, brucon, openbsd, systm, openssh, overflow, buffer, access, remote + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter