On Tue, 08 Nov 2011 09:21:37 +0100, Stephane Bortzmeyer said:
I disagree. The official bug statement from Juniper in August was trying very hard to downplay the importance of the bug ("Given the complexity of conditions required to trigger this issue, the probability of exploiting this defect is extremely low"). No wonder so few people (and not only at Level-3) did not upgrade.
August (and if that's when the *fix* came out, the bug is even older). September. October. November. So maybe the probability *is* low. And if JunOS is anything like CIsco IOS, a lot of shops didn't upgrade because the newer release has *other* issues in their environments. Nobody wants to upgrade to fix a once-ever-few-months bug if it also buys them a daily crash in something else.