Details of VAR-200412-0096

ID

VAR-200412-0096

CVE

CVE-2004-0467

TITLE

Juniper JunOS Routing Engine MPLS denial of service

Trust: 0.8

sources: CERT/CC: VU#409555

DESCRIPTION

Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed. Juniper routers will become severely disrupted when attacked with specially-crafted MPLS packets. Juniper Routers receive a spoofed packet to disrupt service operation (DoS) You can be attacked.Serious denial of service by remote third party (DoS) You can be attacked. The attack could result in a routing service outage on a router affected by this issue. It is reported that this vulnerability exists in all releases of Juniper JUNOS that were built prior to January 7th 2005. A remote attacker may exploit this vulnerability to effectively deny network-based services to legitimate users. This BID will be updated as soon as further information regarding this vulnerability is made public. Juniper Networks Routers is a router product developed by Juniper Networks in the United States. According to the description of Juniper Security Bulletin PSN-2005-01-010: This vulnerability can be triggered by a directly attached neighbor device or a remote attacker who can send some communication packets to the router. Routers running Junos software with this vulnerability exist. Vulnerability that prevents the use of firewall filtering to protect affected routers. TITLE: Juniper JUNOS Unspecified Packet Processing Denial of Service SECUNIA ADVISORY ID: SA14049 VERIFY ADVISORY: http://secunia.com/advisories/14049/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: JUNOS 6.x http://secunia.com/product/3418/ DESCRIPTION: A vulnerability has been reported in JUNOS, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error within the processing of certain network packets. This can be exploited to disrupt the operation of a vulnerable device via some specially crafted network packets. SOLUTION: See the vendor advisory for information about patches. PROVIDED AND/OR DISCOVERED BY: Qwest Communication Software Certification ORIGINAL ADVISORY: Juniper Networks: https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2005-01-009&actionBtn=Search OTHER REFERENCES: US-CERT VU#409555: http://www.kb.cert.org/vuls/id/409555 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2004-0467 // CERT/CC: VU#409555 // JVNDB: JVNDB-2004-000625 // BID: 12379 // VULHUB: VHN-8897 // PACKETSTORM: 35928

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	6.2	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	6.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	5.7	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	5.6	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	5.5	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	5.4	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	5.3	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	5.2	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	5.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	5.0	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	6.3	Trust: 1.3
vendor:	juniper	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	5.x to 7.x	Trust: 0.8

sources: CERT/CC: VU#409555 // BID: 12379 // JVNDB: JVNDB-2004-000625 // CNNVD: CNNVD-200412-703 // NVD: CVE-2004-0467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0467
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#409555
value:	7.09
Trust: 0.8
NVD:	CVE-2004-0467
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200412-703
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8897
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0467
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8897
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#409555 // VULHUB: VHN-8897 // JVNDB: JVNDB-2004-000625 // CNNVD: CNNVD-200412-703 // NVD: CVE-2004-0467

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0467

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-703

TYPE

Unknown

Trust: 0.9

sources: BID: 12379 // CNNVD: CNNVD-200412-703

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000625

PATCH

title:

Top Page

url:

http://www.juniper.net/

Trust: 0.8

sources: JVNDB: JVNDB-2004-000625

EXTERNAL IDS

db:	CERT/CC	id:	VU#409555	Trust: 3.7
db:	BID	id:	12379	Trust: 2.8
db:	NVD	id:	CVE-2004-0467	Trust: 2.8
db:	SECUNIA	id:	14049	Trust: 2.7
db:	SECTRACK	id:	1013039	Trust: 2.5
db:	XF	id:	19094	Trust: 1.4
db:	AUSCERT	id:	ESB-2005.0081	Trust: 0.8
db:	JVNDB	id:	JVNDB-2004-000625	Trust: 0.8
db:	CERT/CC	id:	HTTP://WWW.KB.CERT.ORG/VULS/ID/JSHA-68ZJCQ	Trust: 0.6
db:	REDHAT	id:	RHSA-2005:081	Trust: 0.6
db:	NSFOCUS	id:	7380	Trust: 0.6
db:	CNNVD	id:	CNNVD-200412-703	Trust: 0.6
db:	VULHUB	id:	VHN-8897	Trust: 0.1
db:	PACKETSTORM	id:	35928	Trust: 0.1

sources: CERT/CC: VU#409555 // VULHUB: VHN-8897 // BID: 12379 // JVNDB: JVNDB-2004-000625 // PACKETSTORM: 35928 // CNNVD: CNNVD-200412-703 // NVD: CVE-2004-0467

REFERENCES

url:	http://www.kb.cert.org/vuls/id/409555	Trust: 2.9
url:	http://www.securityfocus.com/bid/12379	Trust: 2.5
url:	http://securitytracker.com/id?1013039	Trust: 2.5
url:	http://secunia.com/advisories/14049	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/jsha-68zjcq	Trust: 1.7
url:	http://www.niscc.gov.uk/niscc/docs/al-20050126-00067.html?lang=en	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2005-081.html	Trust: 1.7
url:	http://xforce.iss.net/xforce/xfdb/19094	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/19094	Trust: 1.1
url:	http://www.securityfocus.net/bid/12379/	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu%23409555/	Trust: 0.8
url:	http://www.niscc.gov.uk/niscc/docs/al-20050126-00067.html	Trust: 0.8
url:	http://www.auscert.org.au/render.html?it=4757	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0467	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu409555/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2004-0467	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/7380	Trust: 0.6
url:	https://www.juniper.net/alerts/viewalert.jsp?txtalertnumber=psn-2004-06-009&actionbtn=search	Trust: 0.3
url:	http://www.juniper.net/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	https://www.juniper.net/alerts/viewalert.jsp?txtalertnumber=psn-2005-01-009&actionbtn=search	Trust: 0.1
url:	http://secunia.com/advisories/14049/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/3418/	Trust: 0.1

sources: CERT/CC: VU#409555 // VULHUB: VHN-8897 // BID: 12379 // JVNDB: JVNDB-2004-000625 // PACKETSTORM: 35928 // CNNVD: CNNVD-200412-703 // NVD: CVE-2004-0467

CREDITS

US-CERT Qwest Communication Software Certification group

Trust: 0.6

sources: CNNVD: CNNVD-200412-703

SOURCES

db:	CERT/CC	id:	VU#409555
db:	VULHUB	id:	VHN-8897
db:	BID	id:	12379
db:	JVNDB	id:	JVNDB-2004-000625
db:	PACKETSTORM	id:	35928
db:	CNNVD	id:	CNNVD-200412-703
db:	NVD	id:	CVE-2004-0467

LAST UPDATE DATE

2024-08-14T12:48:37.389000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#409555	date:	2006-05-01T00:00:00
db:	VULHUB	id:	VHN-8897	date:	2017-07-11T00:00:00
db:	BID	id:	12379	date:	2009-07-12T10:06:00
db:	JVNDB	id:	JVNDB-2004-000625	date:	2008-11-21T00:00:00
db:	CNNVD	id:	CNNVD-200412-703	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0467	date:	2017-07-11T01:30:10.980

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#409555	date:	2005-01-26T00:00:00
db:	VULHUB	id:	VHN-8897	date:	2004-12-31T00:00:00
db:	BID	id:	12379	date:	2005-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2004-000625	date:	2008-11-21T00:00:00
db:	PACKETSTORM	id:	35928	date:	2005-01-28T05:28:42
db:	CNNVD	id:	CNNVD-200412-703	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-0467	date:	2004-12-31T05:00:00