HomeNetworking

US-CERT Warns on IPv6 Routing Software

Colin C. Haley
By Colin C. Haley

Some versions of Juniper’s JUNOS router software, which helps direct network
traffic using the next-generation IPv6 Internet standard,
contain a flaw that can be exploited to cause a Denial of Service attack.

The vulnerability results from a memory leak within the IPv6 Packet
Forwarding Engine (PFE) when processing certain IPv6 packets, according to
the company, the United States Computer Emergency Readiness Team (US-CERT)
and the security firm Secunia.

“If an attacker submits multiple packets to a vulnerable router running an
IPv6-enabled PFE, the router can be repeatedly rebooted, essentially
creating a denial of service for the router,” US-CERT said in an advisory.

The problem affects all Juniper routers running JUNOS with a PFE released
between Feb. 24 and June 20. Products produced on or after June 21 contain
corrected code. Secunia classifies the problem as “moderately critical.”

Registered Juniper customers and partners can find a fix through the
support section
of the company’s site.

IPv6 is in line to succeed IPv4, which has been in use for almost 30 years
and cannot support emerging requirements for address space, mobility and
security in peer-to-peer networking.

IPv6 is designed to overcome these shortcomings. It also adds improvements,
such as routing and networking auto-configuration. IPv6 will coexist with
IPv4 and eventually provide better internetworking capabilities than those
currently available with IPv4.

Europe and the Pacific Rim have been developing
advanced services, particularly in the mobile computing sector, for the new
protocol while interest in this country has lagged. That changed last year when the
Pentagon announced it would convert to IPv6
within the next three years. In support of the Pentagon’s efforts, the IPv6
Task Force announced in October the launch of North America’s largest IPv6
pilot network.

The Juniper alert is the latest hit for the network equipment industry. Last
week, Cisco
flagged
a vulnerability in its flagship Collaboration Server (CCS) that could put users at risk
of malicious code execution.

Cisco, which dominates the market for switching and routing equipment used
to link networks, said it discovered the vulnerability in versions that ship with the ServletExec subcomponent.

Two months ago, Cisco confirmed
that hackers broke into its corporate network and stole chunks of the
source code for the popular IOS operating system.

Although the company doesn’t believe any customer information was stolen and
stressed that a product flaw was not to blame, the breach was nonetheless
embarrassing for a company that’s been touting security.

Colin C. Haley
Colin C. Haley
Previous article
A Rational Approach to Quality Software
Next article
VERITAS to Miss Revenue Mark

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2021 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.