Juniper Junos BGP UPDATE Malformed ATTR_SET Attribute Remote DoS (PSN-2012-01-472)
2012-01-23T00:00:00
ID JUNIPER_PSN-2012-01-472.NASL Type nessus Reporter Tenable Modified 2013-10-18T00:00:00
Description
According to its self-reported version number, the version of Junos running on the remote device has a denial of service vulnerability.
Processing a BGP UPDATE containing a corrupted ATTR_SET attribute can result in an rpd crash.
This issue only affects routers configured for BGP running Junos 10.2 or later that do no thave the 'independent-domain' routing option enabled.
A remote, unauthenticated attacker could exploit this to crash the rpd service.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(57637);
script_version("$Revision: 1.5 $");
script_cvs_date("$Date: 2013/10/18 13:33:24 $");
script_osvdb_id(78849);
script_name(english:"Juniper Junos BGP UPDATE Malformed ATTR_SET Attribute Remote DoS (PSN-2012-01-472)");
script_summary(english:"Checks model & version");
script_set_attribute(
attribute:"synopsis",
value:"The remote router has a denial of service vulnerability."
);
script_set_attribute(
attribute:"description",
value:
"According to its self-reported version number, the version of Junos
running on the remote device has a denial of service vulnerability.
Processing a BGP UPDATE containing a corrupted ATTR_SET attribute can
result in an rpd crash.
This issue only affects routers configured for BGP running Junos 10.2
or later that do no thave the 'independent-domain' routing option
enabled.
A remote, unauthenticated attacker could exploit this to crash the
rpd service."
);
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f3a49b99");
script_set_attribute(
attribute:"solution",
value:
"Apply the relevant Junos upgrade referenced in Juniper advisory
PSN-2012-01-472."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/11");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/23");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/model", "Host/Juniper/JUNOS/Version");
exit(0);
}
include("misc_func.inc");
include("junos.inc");
fixes['10.4'] = '10.4R8';
fixes['11.1'] = '11.1R6';
fixes['11.2'] = '11.2R4';
fixes['11.3'] = '11.3R3';
fixes['11.4'] = '11.4R1';
model = get_kb_item_or_exit('Host/Juniper/model');
ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
check_model(model:model, flags:ALL_ROUTERS, exit_on_fail:TRUE);
fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
if (report_verbosity > 0)
{
report = get_report(ver:ver, fix:fix, model:model);
security_warning(port:0, extra:report);
}
else security_warning(0);
{"id": "JUNIPER_PSN-2012-01-472.NASL", "bulletinFamily": "scanner", "title": "Juniper Junos BGP UPDATE Malformed ATTR_SET Attribute Remote DoS (PSN-2012-01-472)", "description": "According to its self-reported version number, the version of Junos running on the remote device has a denial of service vulnerability.\nProcessing a BGP UPDATE containing a corrupted ATTR_SET attribute can result in an rpd crash.\n\nThis issue only affects routers configured for BGP running Junos 10.2 or later that do no thave the 'independent-domain' routing option enabled.\n\nA remote, unauthenticated attacker could exploit this to crash the rpd service.", "published": "2012-01-23T00:00:00", "modified": "2013-10-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57637", "reporter": "Tenable", "references": ["http://www.nessus.org/u?f3a49b99"], "cvelist": [], "type": "nessus", "lastseen": "2017-10-29T13:37:15", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "According to its self-reported version number, the version of Junos running on the remote device has a denial of service vulnerability.\nProcessing a BGP UPDATE containing a corrupted ATTR_SET attribute can result in an rpd crash.\n\nThis issue only affects routers configured for BGP running Junos 10.2 or later that do no thave the 'independent-domain' routing option enabled.\n\nA remote, unauthenticated attacker could exploit this to crash the rpd service.", "edition": 1, "enchantments": {}, "hash": "80e880bfba5e9ff6ed4176dbda024b453a7641e61864d5c3c627ce7c1cb68f09", "hashmap": [{"hash": "876622065d0dc707f239ebe53e1387bf", "key": "title"}, {"hash": "f44fb98241ad612bdd34e6e796e60393", "key": "naslFamily"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a694efed67e9c021e11763896554a69c", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "959485c199dd202d783ef6b8689dd697", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8911b89f23a5ba8f9ddc59bfc2c9370e", "key": "href"}, {"hash": "ff9bcc242d3db94c42f116e664599578", "key": "description"}, {"hash": "09c4461041ebddeeafe033ff76f7d8c0", "key": "references"}, {"hash": "55cba0906a756d7bf70fe3271cb9d2e5", "key": "pluginID"}, {"hash": "78153ef0cb035180595f421e0e54f58e", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57637", "id": "JUNIPER_PSN-2012-01-472.NASL", "lastseen": "2016-09-26T17:24:20", "modified": "2013-10-18T00:00:00", "naslFamily": "Junos Local Security Checks", "objectVersion": "1.2", "pluginID": "57637", "published": "2012-01-23T00:00:00", "references": ["http://www.nessus.org/u?f3a49b99"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57637);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2013/10/18 13:33:24 $\");\n script_osvdb_id(78849);\n\n script_name(english:\"Juniper Junos BGP UPDATE Malformed ATTR_SET Attribute Remote DoS (PSN-2012-01-472)\");\n script_summary(english:\"Checks model & version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote router has a denial of service vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version number, the version of Junos\nrunning on the remote device has a denial of service vulnerability.\nProcessing a BGP UPDATE containing a corrupted ATTR_SET attribute can\nresult in an rpd crash.\n\nThis issue only affects routers configured for BGP running Junos 10.2\nor later that do no thave the 'independent-domain' routing option\nenabled.\n\nA remote, unauthenticated attacker could exploit this to crash the\nrpd service.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f3a49b99\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the relevant Junos upgrade referenced in Juniper advisory\nPSN-2012-01-472.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/model\", \"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"junos.inc\");\n\nfixes['10.4'] = '10.4R8';\nfixes['11.1'] = '11.1R6';\nfixes['11.2'] = '11.2R4';\nfixes['11.3'] = '11.3R3';\nfixes['11.4'] = '11.4R1';\n\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\ncheck_model(model:model, flags:ALL_ROUTERS, exit_on_fail:TRUE);\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\nif (report_verbosity > 0)\n{\n report = get_report(ver:ver, fix:fix, model:model);\n security_warning(port:0, extra:report);\n}\nelse security_warning(0);\n\n", "title": "Juniper Junos BGP UPDATE Malformed ATTR_SET Attribute Remote DoS (PSN-2012-01-472)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:20"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "a9dcf995223f353eda7bf326345d8e06"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "ff9bcc242d3db94c42f116e664599578"}, {"key": "href", "hash": "8911b89f23a5ba8f9ddc59bfc2c9370e"}, {"key": "modified", "hash": "a694efed67e9c021e11763896554a69c"}, {"key": "naslFamily", "hash": "f44fb98241ad612bdd34e6e796e60393"}, {"key": "pluginID", "hash": "55cba0906a756d7bf70fe3271cb9d2e5"}, {"key": "published", "hash": "78153ef0cb035180595f421e0e54f58e"}, {"key": "references", "hash": "09c4461041ebddeeafe033ff76f7d8c0"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "959485c199dd202d783ef6b8689dd697"}, {"key": "title", "hash": "876622065d0dc707f239ebe53e1387bf"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "8b31e755feff0600305bb1d8afeb1803bd748e3b3028f29205988c393debaec5", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57637);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2013/10/18 13:33:24 $\");\n script_osvdb_id(78849);\n\n script_name(english:\"Juniper Junos BGP UPDATE Malformed ATTR_SET Attribute Remote DoS (PSN-2012-01-472)\");\n script_summary(english:\"Checks model & version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote router has a denial of service vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version number, the version of Junos\nrunning on the remote device has a denial of service vulnerability.\nProcessing a BGP UPDATE containing a corrupted ATTR_SET attribute can\nresult in an rpd crash.\n\nThis issue only affects routers configured for BGP running Junos 10.2\nor later that do no thave the 'independent-domain' routing option\nenabled.\n\nA remote, unauthenticated attacker could exploit this to crash the\nrpd service.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f3a49b99\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the relevant Junos upgrade referenced in Juniper advisory\nPSN-2012-01-472.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/model\", \"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"junos.inc\");\n\nfixes['10.4'] = '10.4R8';\nfixes['11.1'] = '11.1R6';\nfixes['11.2'] = '11.2R4';\nfixes['11.3'] = '11.3R3';\nfixes['11.4'] = '11.4R1';\n\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\ncheck_model(model:model, flags:ALL_ROUTERS, exit_on_fail:TRUE);\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\nif (report_verbosity > 0)\n{\n report = get_report(ver:ver, fix:fix, model:model);\n security_warning(port:0, extra:report);\n}\nelse security_warning(0);\n\n", "naslFamily": "Junos Local Security Checks", "pluginID": "57637", "cpe": ["cpe:/o:juniper:junos"]}