[j-nsp] CVE-2023-4481
Tobias Heister
lists at tobias-heister.de
Sun Sep 17 09:07:26 EDT 2023
Hi,
On 11.09.2023 19:55, Tom Beecher wrote:
> Which in theory opens a new attack vector for the future.
>
>
> What is the attack vector you foresee for a route sitting as hidden with
> the potentially offending attributes stripped off?
It is theoretical, but if you do $something with a prefix and maybe even
the "malformed" attribute and do not throw the prefix away completely,
$something in parsing and keeping the prefix further down the line could
stumble over $whatever else makes the prefix special.
This implies "problems"/bugs in the code parsing the prefix and its
attributes, which can be assumed to not exist, but doing $something is
more likely to hit a problem than not doing $something.
By keeping the prefix and doing $something with it you do more than
before and might hit a code path that was not hit before when the
session was reset or when the prefixes are just discarded.
In an ideal world where all code and parsing is perfect all is fine.
Do I think this is likely or a real world problem we will hit soon?
Probably not. Do I think that it is a theoretic vector to hit problems
not yet seen in the wild at some point? Yes I do.
So, like with all features and knobs, you might want to consider whether
it brings you any benefit to keep the prefixes in hidden state or
"minimize" processing of things you will maybe never look at.
regards
Tobias
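As an added illustration of the knob being weighed in this thread (this is not part of the original post or of Juniper's advisory text): on Junos the choice between "reset the session" and "keep the prefix hidden with the offending attribute stripped" is made with `bgp-error-tolerance` under `protocols bgp`. The configuration and show commands below are real Junos syntax, but the assumption that this is the exact feature the thread refers to, and the limit and interval values, are mine and constructed for the example.

```junos
/* Default behaviour (no bgp-error-tolerance stanza): a malformed
   attribute tears down the session, and nothing from that UPDATE is
   kept or processed further. */

/* Opt-in behaviour: treat the malformed UPDATE as a withdraw, keep the
   prefix as a hidden route, and cap how many such routes are retained
   per peer so a flood of them cannot consume memory unbounded. */
protocols {
    bgp {
        bgp-error-tolerance {
            malformed-route-limit 100;        /* constructed value: routes kept per peer */
            malformed-update-log-interval 300; /* constructed value: seconds between log entries */
        }
    }
}
```

To see what the router is retaining after turning the knob on, `show route hidden` lists the hidden routes and `show route hidden extensive` shows why each one is hidden; if the count grows without an obvious reason, that is the operational signal that the "$something is being done with a prefix you will maybe never look at" trade-off described above is costing you something and the limit should be revisited.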