Remote Security Restriction Bypass for multiple Juniper Products

Release date:
Updated on:

Affected Systems:
Juniper Networks JUNOS <13.x
Juniper Networks screnos <6.3.0
Juniper Networks JUNOSe
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65169
CVE (CAN) ID: CVE-2013-7313

Juniper Networks is a network communication equipment company founded in February 1996. It mainly supplies IP Networks and information security solutions.

Juniper Junos 13. in OSPF implementation in versions earlier than x, JunosE, and screano6.3.x, the duplicate link status ID value in the Link Status advertisement (LSA) packet is not considered before LSA database operations are performed, this allows remote attackers to use specially crafted LSA data packets, resulting in denial of service (route interruption) or sensitive data packet information.

<* Source: Dr. Gabi Nakibly
Eitan Menahem
Ariel Waizel
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Juniper Networks
----------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://kb.juniper.net/InfoCenter

Reference: http://kb.juniper.net/InfoCenter/index? Page = content & id = JSA10582 & cat = SIRT_1 & actp =
LIST