Knowledge Search


×
 

Non-RFC1112 compliant multicast packets sent to management Ethernet port can cause an SRP reset.

  [JSA10381] Show Article Properties


Legacy Advisory Id:
PSN-2008-05-004
Product Affected:
ERX 310/700/705/1410/1440, E320
Problem:

When an E-series router running an affected release of JUNOSe receives a non-RFC1112 compliant multicast packet on the SRP Ethernet port, there is a possibility that the SRP may reset. The SRP Ethernet interface does not support multicast and discards all RFC1112-compliant packets. However, when a non-compliant packet is received, the packet is discarded and the buffer is freed. The problem occurs when the freed pointer to the buffer is incorrectly still sent to the underlying operating system for processing, resulting in the SRP panic in netBufLib.c.

This issue was found initially during System Test, although several cases have subsequently been reported in the field. All reported cases of this issue were determined to be triggered by a misconfigured device with a source MAC address in the reserved multicast MAC address range. The response to the source multicast MAC address from another device on the network, which would then have a valid multicast destination MAC address, did not have an RFC1112-compliant payload. This response packet triggered the reset.

There are no confirmed reports of this issue being triggered by a deliberate attack on the router from an external source.

This issue is tracked internally as CQ 81842.
Solution:

The following JUNOSe software releases (used on E-series routers) contain modified code to handle the non-RFC1112 compliant multicast packet: 7-1-4p0-5, 7-2-3p0-3, 7-2-4, 7-3-2p0-6, 7-3-3, 8-0-1, 8-0-2, 8-0-3, 8-1-0, 8-1-1, 8-2-0.

All follow-on releases of JUNOSe are unaffected by this vulnerability. No other Juniper products are affected by this vulnerability.

Status:
FINAL RELEASE


Juniper Networks is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be implied. Juniper Networks expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of noninfringement. Your use or reliance on this notice or materials referred to in this notice is at your own risk. Juniper Networks may change this notice at any time.
Related Links:
Risk Level:
Medium
Risk Assessment:
This impact of this vulnerability is minimized by the fact that the issue only occurs when packets reach the management Ethernet port, which should be secured through standard security best common practices (BCPs). Additionally, the result of the SRP reset should only be a momentary interruption of service if redundant SRPs are deployed, and virtually no interruption of service of High Availability (HA) is enabled.