SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#409555

Juniper JunOS Routing Engine MPLS denial of service

Overview

Juniper routers will become severely disrupted when attacked with specially-crafted MPLS packets.

I. Description

Juniper routers running JUNOS have a vulnerability in which specially-crafted MPLS packets can cause normal operation of affected routers to be severely disrupted.

According to Juniper's security bulletin PSN-2005-02-004:

    When an M-series or T-series Juniper routing platform receives
    certain MPLS packets, the packets are immediately delivered to the
    Routing Engine (RE) for further processing.  This occurs even if
    packets are received on an interface which is not enabled for MPLS
    processing, or if the router is not configured to process MPLS
    packets at all.  Furthermore, these MPLS packets are delivered without
    any further processing by the hardware, thus bypassing all
    attempts at limiting the number of, or otherwise filtering, the
    packets.  A large stream of these MPLS packets can overload
    internal communication paths and interfere with the timely
    processing of other packets.


It is important to note an attacker does not need to directly connected to a router in order to exploit this vulnerability. According to PSN-2005-02-004:

    This vulnerability can be exploited by an attacker directly
    attached to a Juniper Networks M-series or T-series routing
    platform, even if the interface to which the attacker is attached
    is not enabled for MPLS.  An attacker not directly attached to the
    routing platform can exploit this vulnerability on transit Label
    Switch Routers within an Internet Service Provider's MPLS-enabled
    core network.  

Please see the Juniper Vendor statement document for additional configuration changes that may provide partial mitigation of one potential attack vector.

II. Impact

A remote, unauthenticated attacker may cause severe operational disruption to affected Juniper routers. Affected routers will suffer an effective denial of routing service when this vulnerability is exploited.

III. Solution

Please see the vendor statement with relevant patches. Users registered at Juniper's support site should visit https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-02-004&actionBtn=Search

This vulnerability is present in all JUNOS software releases built prior to January 6, 2005.
According to Juniper, it is not possible to use network filters to protect vulnerable routers. Vulnerable routers must be updated in order to completely mitigate this vulnerability.

Systems Affected

VendorStatusDate Updated
Juniper Networks, Inc.Vulnerable1-May-2006

References


http://www.securityfocus.net/bid/12379/
http://jvn.jp/cert/JVNVU%23409555/
http://www.niscc.gov.uk/niscc/docs/al-20050126-00067.html
http://www.auscert.org.au/render.html?it=4757

Credit

Juniper has thanked Qwest Communication Software Certification team for bringing this issue to their attention.

This document was written by Jeffrey S. Havrilla.

Other Information

Date Public01/26/2005
Date First Published01/26/2005 11:30:56 AM
Date Last Updated05/01/2006
CERT Advisory 
CVE-ID(s)CVE-2004-0467
NVD-ID(s)CVE-2004-0467
US-CERT Technical Alerts 
Metric7.09
Document Revision10

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader