[j-nsp] JUNOS Vulnerability

Phil Shafer phil at juniper.net
Thu Jan 27 13:29:15 EST 2005

Richard A Steenbergen writes:
>... have a simple junoscript based system for pushing out 
>new code so that it is easy to manage changes across all routers.

Yah, yah!  More junoscript.  Rah!

>You probably don't 
>want to be sticking random junk in your communities just to work around a 
>silly config parser that makes invalid assumptions.

In general, we try to balance against allowing users to do anything
(including creating empty prefix-lists) with helping users avoid
and detect misconfigurations (such as empty prefix-lists ;^).  It's
not always an easy call, given that one users's meat is another
user's poison.   It's not always an easy call.

In this specific case, it's clearly just a bug.  If the UI lets you
make an empty prefix-list, BGP should honor it.  It's now PR 56110.


More information about the juniper-nsp mailing list