Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: Mitigation techniques for BGP updates containing malformed attributes (JSA10491)

Back to Search

Juniper Junos OS: Mitigation techniques for BGP updates containing malformed attributes (JSA10491)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
09/01/2011
Created
07/25/2018
Added
05/07/2014
Modified
05/07/2014

Description

Recently, there have been a number of occurrences of corrupt optional, transitive attributes being sent via BGP into the Internet. Routers that do not recognize the optional attribute ignore them and pass them along. The first router along the path that does understand the attribute and determines it to be corrupt will send a NOTIFICATION and close the BGP session. One such type of optional, transitive attribute with sparse vendor support is ATTR_SET (type code 128), as defined in draft-ietf-l3vpn-ibgp. Note that Junos 8.x and earlier does not include support for 4-byte ASNs and therefore would not recognize corruption in attributes specific to 4-byte ASNs.

Solution(s)

  • juniper-junos-os-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;