Re. the critical vulnerability in Juniper Installer Service published last Feb (http://www.juniper.net/security/auto/vulnerabilities/vuln38232.html) and first publicly reported in Dec 2009 (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=850), there is a patch linked from that page and that page states that the affected version of Installer Service is 184.108.40.206. I am evaluating SA 6.5R4-1 which comes with version 220.127.116.1131 of Installer Service. Although logically I would absolutely expect Juniper to have fixed the vulnerability by now, I cannot for the life of me find any mention of this fix in any of the SA versions' release notes dated Dec 2009 or later. Can anyone point me to some clear documentation that addresses the vulnerability and (patch aside) says the vulnerability is fixed from version X forward?
... View more