[Archive] Firewall filters applied to loopback interface do not affect traffic on other interfaces

Article ID: JSA10317 SECURITY_ADVISORIES Last Updated: 22 Mar 2018 Version: 5.0
Legacy Advisory Id:
PSN-2003-11-001
Product Affected:
This Product Support Notice affects all T-series routers running Junos Release 5.7 and later.
Problem:
In Junos Release 5.7, firewall filters applied to the loopback interface on T-series routers do not affect traffic on other interfaces. Therefore, firewall filters designed to protect the Route Engine are ineffective.

This problem was documented in PR/40451.
Solution:
Junos Internet software was modified to ensure that filters applied to the loopback interface control traffic on all interfaces on the router.

The fix is available in Junos 5.7R4, 6.0R3, and 6.1R2 and later releases.
Workaround:
Any firewall filters applied to the loopback interface should be explicitly applied to all interfaces on the router.
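
One way to check that the workaround is in place, as an added example that is not part of the advisory or of Juniper's tooling: the Python function below reads a configuration in Junos "set" format and reports every logical interface that does not carry the input filter applied to lo0 for the same address family. The function name, the filter names and the sample configuration are constructed for illustration, and the input is assumed to be set-format text.

```python
import re

# Junos "set"-format line, e.g.
#   set interfaces so-0/0/0 unit 0 family inet filter input protect-re
LINE_RE = re.compile(
    r"^set interfaces (\S+) unit (\d+) family (inet6?)"
    r"(?: filter input (\S+))?(?:\s|$)"
)

def audit_loopback_filters(config_text):
    """Map (interface, unit, family) -> lo0 filter that is not applied there."""
    applied = {}  # (interface, unit, family) -> input filter name, or None
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ifname, unit, family, flt = m.groups()
        key = (ifname, unit, family)
        # Keep a filter seen earlier when this line is e.g. an address statement.
        applied[key] = flt or applied.get(key)
    # Input filters the operator placed on lo0, per address family.
    lo0 = {fam: flt for (ifn, _, fam), flt in applied.items()
           if ifn == "lo0" and flt}
    missing = {}
    for (ifname, unit, family), flt in applied.items():
        if ifname == "lo0" or family not in lo0:
            continue
        if flt != lo0[family]:  # no filter, or a different one: needs review
            missing[(ifname, unit, family)] = lo0[family]
    return missing

# Constructed sample configuration (hypothetical names and addresses).
SAMPLE = """\
set interfaces lo0 unit 0 family inet filter input protect-re
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
set interfaces so-0/0/0 unit 0 family inet filter input protect-re
set interfaces so-0/0/0 unit 0 family inet address 198.51.100.1/30
set interfaces so-0/1/0 unit 0 family inet address 198.51.100.5/30
set interfaces ge-1/0/0 unit 10 family inet filter input customer-in
set interfaces ge-1/0/0 unit 10 family iso
"""

if __name__ == "__main__":
    for (ifname, unit, family), flt in sorted(audit_loopback_filters(SAMPLE).items()):
        print(f"{ifname}.{unit} family {family}: input filter {flt} not applied")
```

An interface that carries a different input filter is reported as well, because the check cannot tell whether that filter contains the same protective terms.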
Implementation:
Juniper has corrected the problem in Junos 5.7R4, 6.0R3, and 6.1R2 and later releases.
Modification History:
2018-03-22: update article with fix information.
CVSS Score:
n/a
Severity Level:
Critical
Severity Assessment:
Firewall filters applied to the loopback interface are ineffective in controlling traffic on other interfaces. If no firewall filter is explicitly applied to the other interfaces on the router, the router is vulnerable to numerous forms of attack.