JUNOS 7.3R1.5 exposure to MD5 authentication mismatch

Article ID: JSA10352 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 2.0
Legacy Advisory Id:
PSN-2005-08-003
Product Affected:
All Juniper Networks M/T/J-series routers.
Problem:
JUNOS software release 7.3R1.5 has been found to be vulnerable to attacks using TCP-based protocol packets. Any mismatch in MD5 authentication for packets sent to either configured or unconfigured TCP-based protocol peers on a Juniper Networks router running JUNOS Release 7.3R1.5 can result in a memory leak, which over time can cause a router restart.

This issue is tracked internally as PR/61535 for JUNOS software.

Solution:
Changes have been made in JUNOS 7.3R1.6 software to mitigate the potential vulnerability of receiving packets with mismatched MD5 authentication to either configured or unconfigured TCP-based protocol peers.

Implementation:
JUNOS Release 7.3R1.6 contains modified code that provides expanded TCP and MD5 authentication checks.

Severity Level:
High
Severity Assessment:
An attacker can severely disrupt normal operation of the routing platform by injecting mismatched MD5 authentication packets to either configured or unconfigured TCP-based protocol peers.