Juniper Networks Information for VU#738331

Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow



Vendor Statement

Juniper Networks has determined that its JUNOS Internet Software, used on the M- and T-series of router products, is susceptible to this vulnerability in versions 5.2R1.4, 5.2R2.3, 5.2R3.4, 5.2R4.4, 5.3R1.2, 5.3R2.4, 5.3R3.3, and 5.4R1.4. Customers should contact Juniper or their Juniper reseller to obtain an updated version of JUNOS software.

Juniper Networks has determined that the operating software used on the ERX router products is not susceptible to this vulnerability. No software upgrade is required. However, the SDX-300 Service Deployment system may be susceptible if it is installed on a susceptible host platform. Users of SDX-300 should contact their host operating system vendor regarding this advisory.

The Juniper Networks G10 CMTS product is not susceptible to this vulnerability. No upgrade is required.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.