Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: Corrupted MPLS payload causing in_checksum() errors leading to RE switchover (JSA10504)

Back to Search

Juniper Junos OS: Corrupted MPLS payload causing in_checksum() errors leading to RE switchover (JSA10504)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
04/01/2012
Created
07/25/2018
Added
05/07/2014
Modified
05/07/2014

Description

Receipt of a high rate of corrupted Pseudo Wire (l2vpn or l2circuit) control words from an adjacent node, which are diverted to the RE without policing, can cause the RE to become overloaded, resulting in an RE switchover (or in single RE environments, a reboot). In extreme cases, the corrupted stream can also trigger sudden FPC reboots due to keepalive failure. Receipt of a high rate of Router Alert (label = 1) MPLS packets with a corrupted payload -- which are typically constrained within an MPLS domain but can traverse multiple physical hops -- can also cause an RE switchover or FPC reboot.

Solution(s)

  • juniper-junos-os-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;