Knowledge Search


NISCC Vulnerability #144154: PROTOS c09-dns-response test tool (144154/NISCC/DNS)

  [JSA10360] Show Article Properties

Legacy Advisory Id:
Product Affected:
ERX 310/700/705/1410/1440, E320

When executing the OUSPG PROTOS Test Suite for DNS, certain tests in the suite can cause the SRP on an E-series router to reset. In order for the router to be affected, the running configuration must be modified to point to a DNS server running the test suite. While it is conceivably possible to have a production DNS server compromised in such a way as to cause these illegal responses to be sent to an E-series router, no known occurrence of this exists. Still, this issue is considered high priority by the Juniper Networks Security Incident Response Team (SIRT) and fixes have been made available for all supported releases.

This issue is tracked internally as CQ 72492.

All other products and platforms are unaffected.

The following JUNOSe software releases (used on E-series routers) contain modified code to handle the malformed DNS responses generated by the OUSPG test tool: 5-3-5p0-2, 6-0-3p0-6, 6-0-4, 6-1-3p0-1, 7-0-1p0-7, 7-0-2, 7-1-0p0-1, 7-1-1


Juniper Networks is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be implied. Juniper Networks expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of noninfringement. Your use or reliance on this notice or materials referred to in this notice is at your own risk. Juniper Networks may change this notice at any time.
Related Links:
Risk Level:
Risk Assessment:
Juniper Networks JUNOSe software is susceptible to certain malformed DNS server responses as exposed by the OUSPG PROTOS c09-dns-response test suite. Risk assessment is medium for Juniper Networks E-series routers.