Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Non-RFC1112 compliant multicast packets sent to management Ethernet port can cause an SRP reset.

0

0
Article ID: JSA10381 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 5.0 Legacy Advisory Id:
PSN-2008-05-004
Product Affected:
ERX 310/700/705/1410/1440, E320
Problem:

When an E-series router running an affected release of JUNOSe receives a non-RFC1112 compliant multicast packet on the SRP Ethernet port, there is a possibility that the SRP may reset. The SRP Ethernet interface does not support multicast and discards all RFC1112-compliant packets. However, when a non-compliant packet is received, the packet is discarded and the buffer is freed. The problem occurs when the freed pointer to the buffer is incorrectly still sent to the underlying operating system for processing, resulting in the SRP panic in netBufLib.c.

This issue was found initially during System Test, although several cases have subsequently been reported in the field. All reported cases of this issue were determined to be triggered by a misconfigured device with a source MAC address in the reserved multicast MAC address range. The response to the source multicast MAC address from another device on the network, which would then have a valid multicast destination MAC address, did not have an RFC1112-compliant payload. This response packet triggered the reset.

There are no confirmed reports of this issue being triggered by a deliberate attack on the router from an external source.

This issue is tracked internally as CQ 81842.
Solution:

The following JUNOSe software releases (used on E-series routers) contain modified code to handle the non-RFC1112 compliant multicast packet: 7-1-4p0-5, 7-2-3p0-3, 7-2-4, 7-3-2p0-6, 7-3-3, 8-0-1, 8-0-2, 8-0-3, 8-1-0, 8-1-1, 8-2-0.

All follow-on releases of JUNOSe are unaffected by this vulnerability. No other Juniper products are affected by this vulnerability.

Status:
FINAL RELEASE

Juniper Networks is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be implied. Juniper Networks expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of noninfringement. Your use or reliance on this notice or materials referred to in this notice is at your own risk. Juniper Networks may change this notice at any time.
Severity Level:
Medium
Severity Assessment:
This impact of this vulnerability is minimized by the fact that the issue only occurs when packets reach the management Ethernet port, which should be secured through standard security best common practices (BCPs). Additionally, the result of the SRP reset should only be a momentary interruption of service if redundant SRPs are deployed, and virtually no interruption of service of High Availability (HA) is enabled.

Related Links

 Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search