ID

VAR-200712-0088

CVE

CVE-2007-6372

TITLE

BGP implementations do not properly handle UPDATE messages

DESCRIPTION

Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability. BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability. Border Gateway Protocol (BGP) Is AS (Autonomous System) A widely used routing protocol. Between peer routers BGP The exchange of route information by means of is important in the stable operation of the Internet. Versions of JUNOS from 7.3 to 8.4 are reported vulnerable. NOTE: Multiple sources report that upgrading to JUNOS 8.5R1 or above will solve this issue, but this could not be confirmed at the time of writing. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies. AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. Learn more: http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of Service SECUNIA ADVISORY ID: SA30054 VERIFY ADVISORY: http://secunia.com/advisories/30054/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: ALAXALA Networks AX7800S Series http://secunia.com/product/5125/ ALAXALA Networks AX7800R Series http://secunia.com/product/5124/ ALAXALA Networks AX7700R http://secunia.com/product/11176/ ALAXALA Networks AX5400S Series http://secunia.com/product/5126/ ALAXALA Networks AX3600S Series http://secunia.com/product/11174/ ALAXALA Networks AX2400S Series http://secunia.com/product/11175/ ALAXALA Networks AX2000R Series http://secunia.com/product/11177/ DESCRIPTION: A vulnerability has been reported in ALAXALA Networks AX series, which can be exploited by malicious people to cause a DoS (Denial of Service). SOLUTION: Restrict network access on affected systems. PROVIDED AND/OR DISCOVERED BY: Reported via US-CERT. ORIGINAL ADVISORY: US-CERT VU#929656: http://www.kb.cert.org/vuls/id/929656 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. SOLUTION: Apply updates (contact the vendor for more information)

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

network

TYPE

Design Error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Juniper Networks

SOURCES

LAST UPDATE DATE

2024-11-23T21:48:34.117000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE