Juniper has fired off fixes for eight security vulnerabilities. The company has been running Junos OS through the security mill since late last year, when its now-notorious backdoor hit the headlines. Junos OS systems running either generic routing encapsulation (GRE) or IP-in-IP (IPIP) tunnels are vulnerable to a kernel crash triggered by a crafted ICMP packet. The resulting denial-of-service attack, CVE-2016-1277, is rated high, and is present in a bunch of Junos OS revisions – three in the version 12.1 series, 13.3R9, three version 14 flavours, three version 15 flavours, and all subsequent to 15.1X49-D40. Absent the patch, users can filter out untrusted ICMP traffic.
ORIGINAL SOURCE: The Register