SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Juniper Junos Vendors:   Juniper
Juniper Junos BGP UPDATE Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1031009
SecurityTracker URL:  http://securitytracker.com/id/1031009
CVE Reference:   CVE-2014-3818   (Links to External Site)
Date:  Oct 14 2014
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.1 and later
Description:   A vulnerability was reported in Juniper Junos. A remote user can cause denial of service conditions.

A remote user can send a specially crafted BGP UPDATE to trigger a memory corruption error and cause the target routing protocol daemon (rpd) to crash and restart.

A specially crafted set of transitive attributes can trigger the flaw.

Only routers supporting 4-byte AS numbers are affected if the BGP peer does not support 4-byte AS numbers.

The vendor has assigned PR 953037 to this vulnerability.

Impact:   A remote user can cause the target rpd to crash and restart.
Solution:   The vendor has issued a fix (11.4R11, 12.1R10, 12.1X44-D40, 12.1X46-D30, 12.1X47-D11, 12.1X47-D15, 12.1X48-D41, 12.1X48-D62, 12.2R8, 12.2X50-D70, 12.3R6, 13.1R4-S2, 13.1X49-D49, 13.1X50-D30, 13.2R4, 13.2X50-D20, 13.2X51-D25, 13.2X52-D15, 13.3R2, 14.1R1).

The vendor's advisory is available at:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10653

Vendor URL:  kb.juniper.net/InfoCenter/index?page=content&id=JSA10653 (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC