Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

NISCC Vulnerability #144154: PROTOS c09-dns-response test tool (144154/NISCC/DNS)



Article ID: JSA10360 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 2.0
Legacy Advisory Id:
Product Affected:
ERX 310/700/705/1410/1440, E320

When executing the OUSPG PROTOS Test Suite for DNS, certain tests in the suite can cause the SRP on an E-series router to reset. In order for the router to be affected, the running configuration must be modified to point to a DNS server running the test suite. While it is conceivably possible to have a production DNS server compromised in such a way as to cause these illegal responses to be sent to an E-series router, no known occurrence of this exists. Still, this issue is considered high priority by the Juniper Networks Security Incident Response Team (SIRT) and fixes have been made available for all supported releases.

This issue is tracked internally as CQ 72492.

All other products and platforms are unaffected.

The following JUNOSe software releases (used on E-series routers) contain modified code to handle the malformed DNS responses generated by the OUSPG test tool: 5-3-5p0-2, 6-0-3p0-6, 6-0-4, 6-1-3p0-1, 7-0-1p0-7, 7-0-2, 7-1-0p0-1, 7-1-1


Juniper Networks is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be implied. Juniper Networks expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of noninfringement. Your use or reliance on this notice or materials referred to in this notice is at your own risk. Juniper Networks may change this notice at any time.
Severity Level:
Severity Assessment:
Juniper Networks JUNOSe software is susceptible to certain malformed DNS server responses as exposed by the OUSPG PROTOS c09-dns-response test suite. Risk assessment is medium for Juniper Networks E-series routers.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search