5 July 2004 A weakness has been discovered in some Juniper Networks routers that run the ‘next-generation’ Internet Protocol, called IPv6.
The US Computer Emergency Readiness Team (CERT) and Secunia, a security advisory company, issued a warning on Wednesday after discovering that Juniper M-series and T-series routers built between 24 February and 20 June have faults in their code.
The vulnerability is caused by a ‘memory leak’, which saps the router’s performance when IPv6 packets are sent in a certain order. Memory leaks occur when a computer – or in this case a router – fails to reclaim memory that has been used to run an operation.
As a result, more and more memory is tied up until the router runs out entirely. As a result, the router will crash and automatically reboot. This can cause major service outages or, at the very least, a significant reduction in network performance.
Internet Protocol (IP), which provides unique addresses available for connecting PCs to the Internet, has been running on the same technology, IPv4, for twenty years. However, there is a growing shortage of IPv4 addresses, particularly for the fast growing economies of China and India.
A Juniper spokesperson said that all routers built from 20 June 2004 onwards contain the correct code.
Analysts say that the vulnerability will not have a profound impact on the Internet, since few networks around the world currently employ IPv6. However, the transition to IPv6 is expected nevertheless to occur before the end of the decade.