===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1802
      JunosE: SRP Reset upon receipt of a malformed ICMP packet when
              icmpTraffic logging is enabled (CVE-2014-6377)
                               9 October 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           JunosE
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-6377

Original Bulletin:
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10651

--------------------------BEGIN INCLUDED TEXT--------------------

2014-10 Security Bulletin: JunosE: SRP Reset upon receipt of a malformed ICMP
packet when icmpTraffic logging is enabled (CVE-2014-6377)

Categories:    E-series
               JunosE
               SIRT Advisory

Security Advisories ID:  JSA10651
Last Updated:            08 Oct 2014
Version:                 1.0

PRODUCT AFFECTED:

This issue can affect all E Series routers running an affected release that
are accessible via ICMP.

PROBLEM:

Receipt of a specifically malformed ICMP packet sent to the interface or
loopback IP address of an E Series router while icmpTraffic logging is
enabled may lead to an SRP reset, type: processor exception 0x300 (data
access), in task: ip_RxData_8. In a redundant SRP configuration, the system
will recover immediately. However, additional malformed packets may cause
follow-on SRP resets and lead to an extended service outage.

Juniper SIRT is not aware of any malicious exploitation of this
vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2014-6377.

SOLUTION:

JunosE releases containing the fix specifically include: 13.3.3p0-1, 14.3.2,
15.1.0, and all subsequent releases.
This issue is being tracked as CQ 97568 and is visible on the Customer
Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes in which
releases vulnerabilities are fixed as per our End of Engineering and End of
Life support policies.

WORKAROUND:

Disable icmpTraffic logging if active ICMP troubleshooting is not being
performed.

Use access lists or firewall filters to limit access to the router via ICMP
only from trusted hosts.

IMPLEMENTATION:

How to obtain fixed software:

Security vulnerabilities in JunosE are fixed in the next available
Maintenance Release of each supported JunosE version. In some cases, a
Maintenance Release is not planned to be available in an appropriate
time-frame. For these cases, JunosE patches are made available in order to be
more timely. Security Advisory and Security Notices will indicate which
Maintenance and patch releases contain fixes for the issues described. Upon
request to JTAC, customers will be provided download instructions for a patch
release. Although Juniper does not provide formal Release Note documentation
for a patch release, a list of resolved defects is published via Patch
Release Histories available on the download page.

RELATED LINKS:

  * KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin
    Publication Process
  * KB16765: In which releases are vulnerabilities fixed?
  * KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's
    Security Advisories
  * Report a Vulnerability - How to Contact the Juniper Networks Security
    Incident Response Team
  * CVE-2014-6377: SRP Reset upon receipt of a malformed ICMP packet

CVSS SCORE:

7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)

RISK LEVEL:

High

RISK ASSESSMENT:

Information on how Juniper Networks uses CVSS can be found at KB 16446
"Common Vulnerability Scoring System (CVSS) and Juniper's Security
Advisories."
ACKNOWLEDGEMENTS:

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
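
Added example (not part of the Juniper advisory or the AusCERT bulletin): a triage helper that checks an inventory of E Series routers against the fixed releases in the SOLUTION section and the two conditions in the WORKAROUND section. Assumptions: release strings look like X.Y.Z or X.Y.ZpN-M, a release without a patch suffix sorts before its patch builds, trains newer than 15.1 count as "subsequent releases", and trains with no listed fix are reported as "unlisted" for follow-up via KB16765. All function names and the inventory are hypothetical.

```python
import re

# Fixed releases from the bulletin's SOLUTION section, keyed by (major, minor)
# train; value is (maintenance, patch, build). Assumption: a release without a
# pN-M suffix sorts before any patch build of the same maintenance level.
FIXED = {(13, 3): (3, 0, 1), (14, 3): (2, -1, 0), (15, 1): (0, -1, 0)}
_RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+)-(\d+))?$")

def parse_release(text):
    """Split 'X.Y.Z' or 'X.Y.ZpN-M' into ((X, Y), (Z, N, M))."""
    m = _RELEASE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint = (int(m.group(i)) for i in (1, 2, 3))
    patch = int(m.group(4)) if m.group(4) else -1
    build = int(m.group(5)) if m.group(5) else 0
    return (major, minor), (maint, patch, build)

def fix_status(release):
    """Return 'fixed', 'unfixed', or 'unlisted' (no fix listed for the train)."""
    train, level = parse_release(release)
    if train in FIXED:
        return "fixed" if level >= FIXED[train] else "unfixed"
    # Assumption: trains newer than the newest listed one are "subsequent".
    return "fixed" if train > max(FIXED) else "unlisted"

def triage(release, icmp_traffic_logging, icmp_from_untrusted):
    """Combine fix status with the bulletin's trigger condition and workarounds."""
    status = fix_status(release)
    if status == "fixed":
        return status, "none"
    if not icmp_traffic_logging:    # trigger condition absent (first workaround)
        return status, "logging-off"
    if not icmp_from_untrusted:     # ICMP limited to trusted hosts (second workaround)
        return status, "acl-limited"
    return status, "exposed"

# Constructed inventory: (host, release, icmpTraffic logging on, ICMP open to untrusted hosts)
INVENTORY = [
    ("edge-a", "13.3.3p0-1", True, True),
    ("edge-b", "13.3.2p0-4", True, True),
    ("edge-c", "14.3.1", False, True),
    ("edge-d", "14.1.0", True, False),
]

def report(inventory=INVENTORY):
    return {host: triage(rel, log, icmp) for host, rel, log, icmp in inventory}

if __name__ == "__main__":
    for host, result in report().items():
        print(host, *result)
```

Routers reported as "logging-off" or "acl-limited" still run an unfixed release; the workaround only removes or narrows the trigger described in the PROBLEM section.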