{"vuid":"VU#409555","idnumber":"409555","name":"Juniper JunOS Routing Engine MPLS denial of service","keywords":["Juniper","MPLS","denial of service","DoD"],"overview":"Juniper routers will become severely disrupted when attacked with specially crafted MPLS packets.","clean_desc":"Juniper routers running JUNOS have a vulnerability in which specially-crafted MPLS packets can cause normal operation of affected routers to be severely disrupted. According to Juniper's security bulletin PSN-2005-02-004: When an M-series or T-series Juniper routing platform receives\n    certain MPLS packets, the packets are immediately delivered to the \n    Routing Engine (RE) for further processing. This occurs even if \n    packets are received on an interface which is not enabled for MPLS \n    processing, or if the router is not configured to process MPLS \n    packets at all. Furthermore, these MPLS packets are delivered without\n    any further processing by the hardware, thus bypassing all \n    attempts at limiting the number of, or otherwise filtering, the \n    packets. A large stream of these MPLS packets can overload \n    internal communication paths and interfere with the timely \n    processing of other packets. It is important to note that an attacker does not need to be directly connected to a router in order to exploit this vulnerability. According to PSN-2005-02-004: This vulnerability can be exploited by an attacker directly \n    attached to a Juniper Networks M-series or T-series routing\n    platform, even if the interface to which the attacker is attached\n    is not enabled for MPLS. An attacker not directly attached to the\n    routing platform can exploit this vulnerability on transit Label\n    Switch Routers within an Internet Service Provider's MPLS-enabled\n    core network. Please see the Juniper Vendor statement document for additional configuration changes that may provide partial mitigation of one potential attack vector.","impact":"A remote, unauthenticated attacker may cause severe operational disruption to affected Juniper routers. Affected routers will suffer an effective denial of routing service when this vulnerability is exploited.","resolution":"Please see the vendor statement with relevant patches. Users registered at Juniper's support site should visit  https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-02-004&actionBtn=Search\nThis vulnerability is present in all JUNOS software releases built prior to January 6, 2005.","workarounds":"According to Juniper, it is not possible to use network filters to protect vulnerable routers. Vulnerable routers must be updated in order to completely mitigate this vulnerability.","sysaffected":"","thanks":"Juniper has thanked Qwest Communication Software Certification team for bringing this issue to their attention.","author":"This document was written by Jeffrey S. Havrilla.","public":["http://www.securityfocus.net/bid/12379/","http://jvn.jp/cert/JVNVU%23409555/","http://www.niscc.gov.uk/niscc/docs/al-20050126-00067.html","http://www.auscert.org.au/render.html?it=4757"],"cveids":["CVE-2004-0467"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-01-19T15:44:46Z","publicdate":"2005-01-26T00:00:00Z","datefirstpublished":"2005-01-26T16:30:57Z","dateupdated":"2006-05-01T20:04:12Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"10","cam_exploitation":"0","cam_internetinfrastructure":"20","cam_population":"20","cam_impact":"18","cam_easeofexploitation":"5","cam_attackeraccessrequired":"7","cam_scorecurrent":"7.0875","cam_scorecurrentwidelyknown":"9.45","cam_scorecurrentwidelyknownexploited":"14.175","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.0875,"vulnote":null}