Juniper Networks has issued seven security advisories for its products, including a fix for a nasty bug that could be used to crash the company’s routers.
The number-two router vendor isn’t releasing a public security advisory on any of the bugs — that information is available to registered customers only — but the problem is now being patched by telecommunications companies that use Juniper’s high-end routers, according to security consultancy Praetorian Prefect.
“This was a serious issue which appears to have been averted through a coordinated response,” the company wrote in a blog post at its Web site.
Though the bug was first identified early last year, security experts only recently figured out how it could be exploited in Internet-based attacks, making it a much more critical issue. By sending a specially crafted packet to the router, an attacker could cause it to crash and then reboot, Juniper said in the Tuesday advisory that was seen by the IDG News Service.
“The fact that you can start [rebooting] high-end equipment is a big thing,” Praetorian’s Daniel Kennedy said in an interview. “Some of those big routers handle a lot of traffic.”
Kennedy said he didn’t know of any public attacks that exploited the flaw.
All routers that use the JunOS operating system are affected, but any version of the OS built after Jan 28., 2009, includes the patch, the Juniper advisory said.
A Juniper spokeswoman declined to provide more technical details on the issue, saying that the company only passes on this information to customers and partners. The advisory was one of seven issued recently by the company, she said via e-mail.