[nsp-sec] Crafted bgp update msg may cause slave reto crashJunOS.

Barry Raveendran Greene bgreene at senki.org
Fri Sep 19 11:08:49 EDT 2008 

The Security Bulleting/PSN - 2008-09-005 is different and some would say
very low risk. Ping me with your PGP if you would like clarity on this one.

This would save time getting the details through your SE or JTAC engineer.
 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Jared Mauch
> Sent: Thursday, September 18, 2008 3:27 PM
> To: Sayadian, Greg
> Cc: Donald.Smith at qwest.com; robt at cymru.com; 
> nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] Crafted bgp update msg may cause slave 
> reto crashJunOS.
> 
> ----------- nsp-security Confidential --------
> 
> 	Cisco posted what this was a few days ago, I asked 
> PSIRT to comment and they did not.
> 
> 
> CSCsk69927 Resolved in 12.2(18)SXF15
> 
> Symptoms:
> 
> All the BGP routes are dropped when IOS device receives BGP 
> update with atomic-aggregate length as 254 (0xfe).
> 
> Conditions: The topology consists of two eBGP peers with test 
> traffic across the link.
> 
> The BGP process does not crash, and routes are not restored 
> after the event.
> 
> Workaround: None
> 
> More info: This is a PSIRT issue which exists in almost all 
> the releases/branches 
> 	
> On Thu, Sep 18, 2008 at 06:14:50PM -0400, Sayadian, Greg wrote:
> > ----------- nsp-security Confidential --------
> > 
> > Does md5 hashing save you?
> > ------Original Message------
> > From: Chris Morrow
> > To: Smith, Donald
> > Cc: Rob Thomas
> > Cc: nsp-security at puck.nether.net
> > Sent: Sep 18, 2008 5:17 PM
> > Subject: Re: [nsp-sec] Crafted bgp update msg may cause 
> slave re to crashJunOS.
> > 
> > ----------- nsp-security Confidential --------
> > 
> > maybe paul can shed some light? or barry?? I've seen a few 
> RE crashes 
> > on our side that ended up looking like some wierd routing 
> update thing 
> > :(
> > 
> > -Chris
> > 
> > On Thu, 18 Sep 2008, Smith, Donald wrote:
> > 
> > > ----------- nsp-security Confidential --------
> > >
> > > I have not tried to recreate this in the lab.
> > > Because I don't have any detailed information.
> > >
> > > donald.smith at qwest.com giac
> > >
> > > ________________________________
> > >
> > > From: Rob Thomas [mailto:robt at cymru.com]
> > > Sent: Thu 9/18/2008 2:59 PM
> > > To: Smith, Donald
> > > Cc: nsp-security at puck.nether.net
> > > Subject: Re: [nsp-sec] Crafted bgp update msg may cause 
> slave re to crashJunOS.
> > >
> > >
> > >
> > > Are there any specific packet characteristics (number of octets, 
> > > flags,
> > > something) on which flow queries could be based?  :)
> > >
> > >
> > > Smith, Donald wrote:
> > >> ----------- nsp-security Confidential --------
> > >>
> > >> Most of you should have already seen this.
> > >>
> > >> Subject: New Juniper Technical Bulletin - PSN-2008-09-005
> > >>
> > >> The Juniper Networks Technical Assistance Center (JTAC) 
> announces 
> > >> the following Technical Bulletin that is available on 
> our Customer 
> > >> Support Center website.
> > >>
> > >> You will need a valid login ID on www.juniper.net in 
> order to view 
> > >> the full description.
> > >>
> > >> Technical Bulletin Subject: Crafted BGP UPDATE messages 
> can cause 
> > >> slave Routing Engines to crash
> > >>
> > >> Detailed information can be found at the following URL 
> (login required):
> > >> 
> http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2008
> > >> -09-0
> > >> 05&actionBtn=Search
> > >>
> > >> If you do not have a valid login ID, you can submit your 
> > >> application at the following URL:
> > >> http://www.juniper.net/registration/register.jsp
> > >>
> > >> NOTE: A Technical Bulletin is a formal notice regarding critical 
> > >> and/or potentially service-affecting hardware and 
> software product 
> > >> issues. The Technical Bulletin process allows the proactive 
> > >> communication of pertinent information to both customers 
> and partners.
> > >>
> > >> For further information, please contact the Juniper Technical 
> > >> Assistance
> > >> Center(JTAC) by e-mail at support at juniper.net, or by phone:
> > >>
> > >> (888) 314-JTAC (within the US)
> > >> +1 408-745-2121 (outside the US)
> > >>
> > >>
> > >>
> > >> H8Hz
> > >> Donald.Smith at qwest.com giac
> > >>
> > >>
> > >> This communication is the property of Qwest and may contain 
> > >> confidential or privileged information. Unauthorized use of this 
> > >> communication is strictly prohibited and may be 
> unlawful.  If you 
> > >> have received this communication in error, please immediately 
> > >> notify the sender by reply e-mail and destroy all copies 
> of the communication and any attachments.
> > >>
> > >>
> > >> _______________________________________________
> > >> nsp-security mailing list
> > >> nsp-security at puck.nether.net
> > >> https://puck.nether.net/mailman/listinfo/nsp-security
> > >>
> > >> Please do not Forward, CC, or BCC this E-mail outside of the 
> > >> nsp-security community. Confidentiality is essential for 
> effective Internet security counter-measures.
> > >> _______________________________________________
> > >
> > > --
> > > Rob Thomas
> > > Team Cymru
> > > http://www.team-cymru.org/
> > > cmn_err(CEO_PANIC, "Out of coffee!");
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > nsp-security mailing list
> > > nsp-security at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/nsp-security
> > >
> > > Please do not Forward, CC, or BCC this E-mail outside of the 
> > > nsp-security community. Confidentiality is essential for 
> effective Internet security counter-measures.
> > > _______________________________________________
> > >
> > 
> > 
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> > 
> > Please do not Forward, CC, or BCC this E-mail outside of the 
> > nsp-security community. Confidentiality is essential for 
> effective Internet security counter-measures.
> > _______________________________________________
> > 
> > 
> > <><
> > Greg Sayadian
> > IT Security
> > 
> > 
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> > 
> > Please do not Forward, CC, or BCC this E-mail outside of the 
> > nsp-security community. Confidentiality is essential for 
> effective Internet security counter-measures.
> > _______________________________________________
> 
> --
> Jared Mauch | I work for but do not always represent NTT 
> America list admin  | +1 313 506 4307 * send list policy questions to 
>             | nsp-security-owner at puck.nether.net
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security
> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
>

More information about the nsp-security mailing list