Operating System:

[Juniper]

Published:

09 October 2014

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2014.1802 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1802
         JunosE: SRP Reset upon receipt of a malformed ICMP packet
            when icmpTraffic logging is enabled (CVE-2014-6377)
                              9 October 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           JunosE
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-6377  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10651

- --------------------------BEGIN INCLUDED TEXT--------------------

2014-10 Security Bulletin: JunosE: SRP Reset upon receipt of a malformed ICMP
packet when icmpTraffic logging is enabled (CVE-2014-6377)

Categories:

E-series

JunosE

SIRT Advisory

Security Advisories ID: JSA10651

Last Updated: 08 Oct 2014

Version: 1.0

PRODUCT AFFECTED:

This issue can affect all E Series routers running an affected release that 
are accessible via ICMP.

PROBLEM:

Receipt of a specifically malformed ICMP packet sent to the interface or 
loopback IP address of an E Series router while icmpTraffic logging is enabled
may lead to an SRP reset, type: processor exception 0x300 (data access), in 
task: ip_RxData_8. In a redundant SRP configuration, the system will recover 
immediately. However, additional malformed packets may cause follow-on SRP 
resets and lead to an extended service outage.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2014-6377.

SOLUTION:

JunosE releases containing the fix specifically include: 13.3.3p0-1, 14.3.2, 
15.1.0, and all subsequent releases.

This issue is being tracked as CQ 97568 and is visible on the Customer Support
website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of 
Life support policies.

WORKAROUND:

Disable icmpTraffic logging if active ICMP troublshooting is not being 
performed.

Use access lists or firewall filters to limit access to the router via ICMP 
only from trusted hosts.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in JunosE are fixed in the next available Maintenance
Release of each supported JunosE version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
JunosE patches are made available in order to be more timely. Security 
Advisory and Security Notices will indicate which Maintenance and patch 
releases contain fixes for the issues described. Upon request to JTAC, 
customers will be provided download instructions for a patch release. Although
Juniper does not provide formal Release Note documentation for a patch 
release, a list of resolved defects are published via Patch Release Histories
available on the download page.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Vulnerability - How to Contact the Juniper Networks Security Incident
Response Team

CVE-2014-6377: SRP Reset upon receipt of a malformed ICMP packet

CVSS SCORE:

7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)

RISK LEVEL:

High

RISK ASSESSMENT:

Information for how Juniper Networks uses CVSS can be found at KB 16446 
"Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories."

ACKNOWLEDGEMENTS:

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVDXv2hLndAQH1ShLAQKZUw//fEWR9xR189AiMzl3k9FM7v8FE63IOgnO
W/myzHXziQMfKfyeIZKV9WEoo/WX92uO1eZrEEROBgown3kr4kl4QQPvCJFmoFch
qkzs8+rXefuCiMNqBOWcgJspTXM0oTiS88dpQEYbzWIh1vJOsxvuT4e8bzj1CEFQ
5uobn80KQkAIArfwUM5fjo1sb4vs95O9YiEVFad9zZLWFDSwaB016E+s2DZEwbIP
X/ulLPKn6k5DAONg4up+K3JjmyFDdLEq6bsWZ80bm41Hse3h36fT0xzVnUscTpGa
4ITXpMl6S0WnO7m3xJrxAIRjlCH5jiw/0vJQTEQLoGbuXDMZEABaJsXccrCoYrWu
tNpiuB7vqJ8P2YpxX2tBdB2+bzF/okkP8eJDFqYJmb+5IUq2vUuoUe6l0wqCdwAp
QlK1HlvErpfSMKWVvcWZd0Jkt/IJU/UXCWByVV5VCYlKpbQCKPq9i4TmmG5rCGz2
EVxfMxvQlZ2uBlS8ZXEQeRVNjkZmmnH/iVT3TKi1ybPxaEfgEacv6ppLuz0GnWyW
4KtSEsqXYOesDU266ynk2FI3JnaYy6nPUkgN01dcV5j5B+qmFvC8NCvtyXLXQ0rv
YdMbivUaABXsNckcPPD3IpUzXItLTRtnhP6PC1g4jN6f5NKAVJeWABPlRC1V58XD
fV/ZKkA5TS0=
=jNwl
-----END PGP SIGNATURE-----