Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: BGP UPDATE with malformed Path Attribute tears down BGP session (JSA10458)

Back to Search

Juniper Junos OS: BGP UPDATE with malformed Path Attribute tears down BGP session (JSA10458)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
10/01/2010
Created
07/25/2018
Added
05/07/2014
Modified
05/07/2014

Description

Per RFC 4271, Junos will tear down a BGP session upon receiving a malformed UPDATE. The issue is that Junos may recognize optional, transitive attributes that are not yet recognized by other vendors' routers. In this case, non-Junos routers which don't recognize the attribute just pass the UPDATE through with the Partial bit ON. Junos, however, would recognize the path attribute and perform validation. If the packet has errors, a Junos router will send a NOTIFICATION (Error code = 3, UPDATE message error, possible subcodes: 1, 5, or 11) and tear down the BGP session.

Solution(s)

  • juniper-junos-os-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;