[nsp-sec] Junos: rpd crash due to crafted BGP UPDATE (CVE-2017-2313)

Damian Menscher damian at google.com
Sat Apr 15 11:52:48 EDT 2017


I noticed that Juniper's latest set of advisories includes an rpd crash
with no description of the bug or workaround listed [0].  Does anyone have
more details on this vulnerability?  Pushing a new Junos release is risky,
but without any known workaround it doesn't seem like there's an
alternative.

Also, please update this thread if you hear of exploits in the wild (the
advisory says there aren't any, but I assume the patch can be reverse
engineered).  Given it's Easter weekend, it wouldn't surprise me if many
networks remain vulnerable for a while.

[0] https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10778

Damian

