Juniper Networks, Inc. Information for VU#222750

TCP/IP implementations do not adequately validate ICMP error messages



Vendor Statement

Juniper Networks M-series and T-series routers running software built prior to August 18, 2004, are susceptible to this vulnerability. Software built on or after that date disables processing of ICMP Source Quench messages, permits the user to disable Path MTU Discovery, and has additional verification enabled for PMTUD. The various forms of ICMP Unreachable messages are already ignored except during session establishment.

Other Juniper Networks products are not susceptible to this vulnerability. Customers should visit the Juniper Networks Customer Service Center web-site for further information: