Juniper patches router-crashing bug

Juniper Networks has issued seven safety recommendations for its products, including a fix for a nasty bug that could be used to crash the company’s routers.

The number two provider router does not release a security advisory published in any of the errors – the information is available to registered customers – but the problem is being patched by telecommunications companies that use Juniper routers in high-end , as prefect of Praetorian Security Consulting.

“This was a serious problem that seems to have been averted by a coordinated response,” the company wrote in a blog on his Web site.

Although the bug was first identified early last year, security experts recently discovered how it could be exploited in Internet-based attacks, so it is a much more critical. By sending a specially crafted packet to the router, an attacker could cause it to crash and then restart Juniper said in the announcement on Tuesday that was seen by IDG News Service.

“The fact that you can begin to [restart] high-end equipment is a great thing,” said Daniel Praetorian Kennedy in an interview. “Some of the routers to handle a large amount of traffic.”

Kennedy said he knew of no public attack that exploited the bug.

All routers using the JUNOS operating system are affected, but any operating system version built after 28 January. 2009, includes the patch, the advice of Juniper, said.

A Juniper spokesman declined to provide further technical details on the issue, saying the company just passes this information to customers and partners. The warning was one of seven recently published by the company, said via e-mail.