Junos Oversized BGP UPDATE DoS Vulnerability Network Vulnerability

Summary

Denial of Service vulnerability in routing daemon from oversized BGP UPDATE message.

Impact

Remote attackers can cause a denial of service condition on the device.

Solution

New builds of Junos OS software are available from Juniper. For a workaround restrict received communities and/or create an import policy to drop updates with AS_PATH longer than a specified number. See security bulletin from Juniper for further details.

Insight

A large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities, cause the routing daemon to crash. This vulnerability can be triggered in both IPv4 and IPv6 environments.

Affected

Junos OS i10.4, 11.4, 12.1, 12.2, 12.3, 13.1, 13.2

Detection

Check the OS build.

References

http://kb.juniper.net/JSA10609
http://www.securityfocus.com/bid/64766

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0616
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Junos GNU libc GLOB_LIMIT DoS Vulnerability
Junos DoS Vulnerability in XNM Command Processor
Junos FPC Denial of Service Vulnerability
Junos NAT Protocol Translation Denial of Service Vulnerability
Junos Oversized BGP UPDATE DoS Vulnerability

Take action and discover your vulnerabilities