[nsp-sec] Crafted bgp update msg may cause slave re to crashJunOS.

Thu Sep 18 17:17:39 EDT 2008

maybe paul can shed some light? or barry?? I've seen a few RE crashes on 
our side that ended up looking like some wierd routing update thing :(

-Chris

On Thu, 18 Sep 2008, Smith, Donald wrote:

> ----------- nsp-security Confidential --------
>
> I have not tried to recreate this in the lab.
> Because I don't have any detailed information.
>
> donald.smith at qwest.com giac
>
> ________________________________
>
> From: Rob Thomas [mailto:robt at cymru.com]
> Sent: Thu 9/18/2008 2:59 PM
> To: Smith, Donald
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Crafted bgp update msg may cause slave re to crashJunOS.
>
>
>
> Are there any specific packet characteristics (number of octets, flags,
> something) on which flow queries could be based?  :)
>
>
> Smith, Donald wrote:
>> ----------- nsp-security Confidential --------
>>
>> Most of you should have already seen this.
>>
>> Subject: New Juniper Technical Bulletin - PSN-2008-09-005
>>
>> The Juniper Networks Technical Assistance Center (JTAC) announces the
>> following Technical Bulletin that is available on our Customer Support
>> Center website.
>>
>> You will need a valid login ID on www.juniper.net in order to view the
>> full description.
>>
>> Technical Bulletin Subject: Crafted BGP UPDATE messages can cause slave
>> Routing Engines to crash
>>
>> Detailed information can be found at the following URL (login required):
>> http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2008-09-0
>> 05&actionBtn=Search
>>
>> If you do not have a valid login ID, you can submit your application at
>> the following URL:
>> http://www.juniper.net/registration/register.jsp
>>
>> NOTE: A Technical Bulletin is a formal notice regarding critical and/or
>> potentially service-affecting hardware and software product issues. The
>> Technical Bulletin process allows the proactive communication of
>> pertinent information to both customers and partners.
>>
>> For further information, please contact the Juniper Technical Assistance
>> Center(JTAC) by e-mail at support at juniper.net, or by phone:
>>
>> (888) 314-JTAC (within the US)
>> +1 408-745-2121 (outside the US)
>>
>>
>>
>> H8Hz
>> Donald.Smith at qwest.com giac
>>
>>
>> This communication is the property of Qwest and may contain confidential or
>> privileged information. Unauthorized use of this communication is strictly
>> prohibited and may be unlawful.  If you have received this communication
>> in error, please immediately notify the sender by reply e-mail and destroy
>> all copies of the communication and any attachments.
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>> community. Confidentiality is essential for effective Internet security counter-measures.
>> _______________________________________________
>
> --
> Rob Thomas
> Team Cymru
> http://www.team-cymru.org/
> cmn_err(CEO_PANIC, "Out of coffee!");
>
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>