ID CVE-2017-2313 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:33:00
Description
Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4; 16.2 prior to 16.2R1-S3, 16.2R2; Releases prior to Junos OS 15.1 are unaffected by this vulnerability. 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability.
{"openvas": [{"lastseen": "2019-05-29T18:33:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2313"], "description": "Junos OS is prone to denial of service vulnerability when receiving BGP\nUPDATE messages.", "modified": "2018-10-26T00:00:00", "published": "2017-04-13T00:00:00", "id": "OPENVAS:1361412562310106752", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106752", "type": "openvas", "title": "Junos BGP UPDATE DoS Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_jsa10778.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Junos BGP UPDATE DoS Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106752\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-13 08:24:49 +0200 (Thu, 13 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2017-2313\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Junos BGP UPDATE DoS Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n script_tag(name:\"summary\", value:\"Junos OS is prone to denial of service vulnerability when receiving BGP\nUPDATE messages.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Junos OS 15.1 and later releases may be impacted by the receipt of a\ncrafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the\nrpd daemon can result in an extended denial of service condition.\");\n\n script_tag(name:\"impact\", value:\"An attacker may cause a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Junos OS 15.1, 16.1 and 16.2\");\n\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10778\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version =~ \"^15\") {\n if ((revcomp(a: version, b: \"15.1F2-S15\") < 0) &&\n (revcomp(a: version, b: \"15.1F\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1F2-S15\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1R6\") < 0) &&\n (revcomp(a: version, b: \"15.1R\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1R6\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X49-D78\") < 0) &&\n (revcomp(a: version, b: \"15.1X49\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X49-D78\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X53-D63\") < 0) &&\n (revcomp(a: version, b: \"15.1X53\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"15.1X53-D63\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^16\") {\n if (revcomp(a: version, b: \"16.1R3-S3\") < 0) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"16.1R3-S3\");\n security_message(port: 0, data: report);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"16.2R2\") < 0) &&\n (revcomp(a: version, b: \"16.2\") >= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"16.2R2\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-09-14T15:43:03", "description": "According to its self-reported version and configuration, the remote\nJuniper Junos device is affected by a denial of service vulnerability\nin the routing protocol daemon (rpd) when handling a specially crafted\nBGP UPDATE. An unauthenticated, remote attacker can exploit this to\nrepeatedly crash and restart the rpd daemon.\n\nNessus has not tested for this issue but has instead relied only on\nthe device's self-reported version and current configuration.", "edition": 12, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-04-20T00:00:00", "title": "Juniper Junos Routing Process Daemon BGP UPDATE DoS (JSA10778)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2313"], "modified": "2017-04-20T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10778.NASL", "href": "https://www.tenable.com/plugins/nessus/99525", "sourceData": "#TRUSTED 5b9bf7aa0b98e9faf60caf8adf90a136e0cbd3d2e6a0e6b99b395eda8be20ea679ec40bac7cd86506c9921c0bb2bbc762457716957794532d7a93b4906b28b29fceeb330fcd8641f1f8ff723a35cc804eb003d420112df680d4cf0c56baead3c27066af5488c38ae2a12776a66ec1fb23b507b861b768113ea4062a5c88f7f4b44f731484bfb8d0d4da816d923985a51cec1885ecae60be7219ee4e24a2090db33c3f9ac62c852478ce7f09379b4ccbc20c38ec8ea34bf39b572f67fef84bf3886a5035b1de54a5b55d7c78db8eb74ece544c87aa68916db9d236e292b0cdba751296b373b3d56fc77f3f257412ab7366f40325748de41c06ba3bda16aece7567b35bf74d0104b68665196057bf208c263738d5fc94c63cff2732cd9634ef123e4c06efb01b08e6c9f82108b4e988abf8bceea65bb8ca52ceef2c9d1ca37e5cb618abf0c10d0a2b63a1bc0d9875c33cacab8226a38e519a53c8b432234c1eb5f7c740001c9852e227311c02e51b05a2b25207c024a086691e1da39a9a8efa6cb1bfc8936ea854f0dc4a51263f8a19d1b56c315a79063fca067d3230b366aaa1927922ed499aeb7bb09ea6e1925e6aac38a1e0ebc0ad7ea2d5fa851b61923d51707d644e96c5f276d5a22850f5f73cf12aae4cdc79ad65132cc6f284781160aa7d7b1b86429482dbcb1e101e08c601576410be7b2e57e9dc23efc18e957b02b21\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99525);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/08/10\");\n\n script_cve_id(\"CVE-2017-2313\");\n script_bugtraq_id(97606);\n script_xref(name:\"JSA\", value:\"JSA10778\");\n\n script_name(english:\"Juniper Junos Routing Process Daemon BGP UPDATE DoS (JSA10778)\");\n script_summary(english:\"Checks the Junos version and configuration.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version and configuration, the remote\nJuniper Junos device is affected by a denial of service vulnerability\nin the routing protocol daemon (rpd) when handling a specially crafted\nBGP UPDATE. An unauthenticated, remote attacker can exploit this to\nrepeatedly crash and restart the rpd daemon.\n\nNessus has not tested for this issue but has instead relied only on\nthe device's self-reported version and current configuration.\");\n # https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10778&actp=METADATA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?910a6d37\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release or workaround referenced in\nJuniper advisory JSA10778.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos_kb_cmd_func.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n# Commands ran may not be available on all models\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nfixes = make_array();\n\nfixes['15.1F2'] = '15.1F2-S15';\nfixes['15.1F5'] = '15.1F5-S7';\nfixes['15.1F6'] = '15.1F6-S5';\nfixes['15.1F'] = '15.1F7';\nfixes['15.1R4'] = '15.1R4-S7';\nfixes['15.1R5'] = '15.1R5-S2';\nfixes['15.1R'] = '15.1R6';\nfixes['15.1X49'] = '15.1X49-D78'; # or 15.1X49-D80\nfixes['15.1X53'] = '15.1X53-D63'; # or 15.1X53-D70 or 15.1X53-D230\nfixes['16.1R3'] = '16.1R3-S3';\nfixes['16.1'] = '16.1R4';\nfixes['16.2R1'] = '16.2R1-S3';\nfixes['16.2'] = '16.2R2';\nfixes['17.1'] = '17.1R1';\nfixes['17.2'] = '17.2R1';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\noverride = TRUE;\nbuf = junos_command_kb_item(cmd:\"show bgp neighbor\");\nif (buf)\n{\n if (preg(string:buf, pattern:\"BGP.* instance is not running\", icase:TRUE, multiline:TRUE))\n audit(AUDIT_HOST_NOT, \"affected because BGP is not enabled\"); \n else\n override = FALSE;\n}\n\njunos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}
