Knowledge Search


×
 

Line card may reset on receiving a crafted BFD Control packet

  [JSA10409] Show Article Properties


Legacy Advisory Id:
PSN-2009-09-513
Product Affected:
ERX 310/700/705/1410/1440, E320
Problem:
When an E-series router running an affected release of JUNOSe receives a crafted BFD Control packet there is a possibility that the line card may reset. Note that it is not necessary to enable BFD to hit this defect - running BGP and/or RSVP is sufficient for a line card to be vulnerable. Please refer to the attached PDF for additional details.

This issue was found internally during testing. There are no confirmed reports of this issue being triggered by a deliberate attack on the router from an external source.

This issue is tracked internally as CQ 89062.
Solution:
The following JUNOSe software releases (used on E-series routers) contain modified code to handle illegal values in BFD Control packets: 10.1.0, 10.0.1, 10.2.0, 9.3.1, 10.0.0p0-2, 9.2.2, 9.1.2p0-2, 9.0.2p0-3, 9.0.3, 9.0.1p0-7-5.

All follow-on releases of JUNOSe are unaffected by this vulnerability. No other Juniper products are affected by this vulnerability.
Related Links:
Severity Level:
Low
Severity Assessment:
There are no confirmed reports of this issue being triggered by a deliberate attack on the router from an external source.
Attachment File: