[j-nsp] JUNOS Vulnerability

[Eric Van Tol]

Phil,
When I originally emailed out, I was merely conveying our experience
thus far with the newest release, I didn't realize that there would be
so many questions about it!  In any case, yes, it is just a mere
annoyance. 

Again, everything else appears to be working just fine.  I would still
like to know, though, if the vulnerability was in fact a BGP-related
vulnerability like the recently released Cisco notification, although I
fully understand that confirming or denying this on a public forum will
most likely not occur.  Do the SEs and/or Sales team have more details
on the exact nature of the vulnerability?

-evt

-----Original Message-----
From: Phil Shafer [mailto:phil at juniper.net] 
Sent: Thursday, January 27, 2005 11:12 AM
To: Eric Van Tol
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] JUNOS Vulnerability 

Eric Van Tol writes:
>## Warning: missing mandatory statement(s): 'members'

The bug is when the foreground config is missing a mandatory
statement, we report it without checking to see if the statement
will be inherited at commit time from an applied group.  The
commit succeeds, but "show" output is annotated with the
warning.

[edit]
root at dent# show 
groups {
    super {
        system {
            login {
                user <*> {
                    class super-user;
                }
            }
        }
    }
}
system {
    login {
        user phil {
            apply-groups super;
            full-name Super-Phil;
            ## Warning: missing mandatory statement(s): 'class'
        }
    }
}

We were trying to avoid incurring the inheritance tax while doing
simple "show" output, but you're right that it's annoying to
see inaccurate warnings.  It's now PR 56101.

Thanks,
 Phil