cnvd - cnvd-2017-06042

cnvd-2017-06042

Vulnerability from cnvd

Title

Juniper Junos拒绝服务漏洞（NVD-C-2017-52652）

Description

Juniper Junos是美国瞻博网络（Juniper Networks）公司的一套专用于该公司的硬件系统的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Junos存在拒绝服务漏洞。攻击者可以利用漏洞来崩溃并重新启动受影响的设备，拒绝对合法用户的服务。

Severity

中

Patch Name

Juniper Junos拒绝服务漏洞（NVD-C-2017-52652）的补丁

Patch Description

Juniper Junos是美国瞻博网络（Juniper Networks）公司的一套专用于该公司的硬件系统的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Junos存在拒绝服务漏洞。攻击者可以利用漏洞来崩溃并重新启动受影响的设备，拒绝对合法用户的服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10777&actp=METADATA

Reference

http://securitytracker.com/id/1038252

Impacted products

Name
['Juniper Networks, Inc. JUNOS 15.1X53-D30', 'Juniper Networks, Inc. JUNOS 15.1X53-D20', 'Juniper Networks, Inc. JUNOS 15.1X49-D20', 'Juniper Networks, Inc. JUNOS 15.1X49-D15', 'Juniper Networks, Inc. JUNOS 15.1X49-D10', 'Juniper Networks, Inc. JUNOS 15.1R2', 'Juniper Networks, Inc. JUNOS 15.1R1', 'Juniper Networks, Inc. JUNOS 15.1F5-S2', 'Juniper Networks, Inc. JUNOS 15.1F5', 'Juniper Networks, Inc. JUNOS 15.1F4-S2', 'Juniper Networks, Inc. JUNOS 15.1F4', 'Juniper Networks, Inc. JUNOS 15.1F3', 'Juniper Networks, Inc. JUNOS 15.1F2-S5', 'Juniper Networks, Inc. JUNOS 15.1F2-S2', 'Juniper Networks, Inc. JUNOS 15.1F2', 'Juniper Networks, Inc. JUNOS 15.1F1', 'Juniper Networks, Inc. JUNOS 14.1R7', 'Juniper Networks, Inc. JUNOS 14.1R6-S1', 'Juniper Networks, Inc. JUNOS 14.1R6', 'Juniper Networks, Inc. JUNOS 14.1R5', 'Juniper Networks, Inc. JUNOS 14.1R4-S7', 'Juniper Networks, Inc. JUNOS 14.1R4', 'Juniper Networks, Inc. JUNOS 14.1R3-S9', 'Juniper Networks, Inc. JUNOS 14.1R3-S2', 'Juniper Networks, Inc. JUNOS 14.1R3', 'Juniper Networks, Inc. JUNOS 14.1R2', 'Juniper Networks, Inc. JUNOS 14.1R1', 'Juniper Networks, Inc. JUNOS 13.3R9', 'Juniper Networks, Inc. JUNOS 13.3R8', 'Juniper Networks, Inc. JUNOS 13.3R7-S3', 'Juniper Networks, Inc. JUNOS 13.3R7', 'Juniper Networks, Inc. JUNOS 13.3R6', 'Juniper Networks, Inc. JUNOS 13.3R5', 'Juniper Networks, Inc. JUNOS 13.3R4.6', 'Juniper Networks, Inc. JUNOS 13.3R4', 'Juniper Networks, Inc. JUNOS 13.3R3-S3', 'Juniper Networks, Inc. JUNOS 13.3R3', 'Juniper Networks, Inc. JUNOS 13.3R2-S3', 'Juniper Networks, Inc. JUNOS 13.3R2-S2', 'Juniper Networks, Inc. JUNOS 13.3R2', 'Juniper Networks, Inc. JUNOS 13.3R1.8', 'Juniper Networks, Inc. JUNOS 13.3R1.7', 'Juniper Networks, Inc. JUNOS 13.3R1', 'Juniper Networks, Inc. JUNOS 15.1R3', 'Juniper Networks, Inc. JUNOS 15.1R4', 'Juniper Networks, Inc. JUNOS 15.1X49-D60', 'Juniper Networks, Inc. JUNOS 15.1X49-D40', 'Juniper Networks, Inc. JUNOS 15.1X49-D30', 'Juniper Networks, Inc. JUNOS 16.1R1', 'Juniper Networks, Inc. JUNOS 15.1X53-D60', 'Juniper Networks, Inc. JUNOS 15.1X53-D40', 'Juniper Networks, Inc. JUNOS 15.1X53-D35']

Name

['Juniper Networks, Inc. JUNOS 15.1X53-D30', 'Juniper Networks, Inc. JUNOS 15.1X53-D20', 'Juniper Networks, Inc. JUNOS 15.1X49-D20', 'Juniper Networks, Inc. JUNOS 15.1X49-D15', 'Juniper Networks, Inc. JUNOS 15.1X49-D10', 'Juniper Networks, Inc. JUNOS 15.1R2', 'Juniper Networks, Inc. JUNOS 15.1R1', 'Juniper Networks, Inc. JUNOS 15.1F5-S2', 'Juniper Networks, Inc. JUNOS 15.1F5', 'Juniper Networks, Inc. JUNOS 15.1F4-S2', 'Juniper Networks, Inc. JUNOS 15.1F4', 'Juniper Networks, Inc. JUNOS 15.1F3', 'Juniper Networks, Inc. JUNOS 15.1F2-S5', 'Juniper Networks, Inc. JUNOS 15.1F2-S2', 'Juniper Networks, Inc. JUNOS 15.1F2', 'Juniper Networks, Inc. JUNOS 15.1F1', 'Juniper Networks, Inc. JUNOS 14.1R7', 'Juniper Networks, Inc. JUNOS 14.1R6-S1', 'Juniper Networks, Inc. JUNOS 14.1R6', 'Juniper Networks, Inc. JUNOS 14.1R5', 'Juniper Networks, Inc. JUNOS 14.1R4-S7', 'Juniper Networks, Inc. JUNOS 14.1R4', 'Juniper Networks, Inc. JUNOS 14.1R3-S9', 'Juniper Networks, Inc. JUNOS 14.1R3-S2', 'Juniper Networks, Inc. JUNOS 14.1R3', 'Juniper Networks, Inc. JUNOS 14.1R2', 'Juniper Networks, Inc. JUNOS 14.1R1', 'Juniper Networks, Inc. JUNOS 13.3R9', 'Juniper Networks, Inc. JUNOS 13.3R8', 'Juniper Networks, Inc. JUNOS 13.3R7-S3', 'Juniper Networks, Inc. JUNOS 13.3R7', 'Juniper Networks, Inc. JUNOS 13.3R6', 'Juniper Networks, Inc. JUNOS 13.3R5', 'Juniper Networks, Inc. JUNOS 13.3R4.6', 'Juniper Networks, Inc. JUNOS 13.3R4', 'Juniper Networks, Inc. JUNOS 13.3R3-S3', 'Juniper Networks, Inc. JUNOS 13.3R3', 'Juniper Networks, Inc. JUNOS 13.3R2-S3', 'Juniper Networks, Inc. JUNOS 13.3R2-S2', 'Juniper Networks, Inc. JUNOS 13.3R2', 'Juniper Networks, Inc. JUNOS 13.3R1.8', 'Juniper Networks, Inc. JUNOS 13.3R1.7', 'Juniper Networks, Inc. JUNOS 13.3R1', 'Juniper Networks, Inc. JUNOS 15.1R3', 'Juniper Networks, Inc. JUNOS 15.1R4', 'Juniper Networks, Inc. JUNOS 15.1X49-D60', 'Juniper Networks, Inc. JUNOS 15.1X49-D40', 'Juniper Networks, Inc. JUNOS 15.1X49-D30', 'Juniper Networks, Inc. JUNOS 16.1R1', 'Juniper Networks, Inc. JUNOS 15.1X53-D60', 'Juniper Networks, Inc. JUNOS 15.1X53-D40', 'Juniper Networks, Inc. JUNOS 15.1X53-D35']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97611"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2312",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2312"
    }
  },
  "description": "Juniper Junos\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u7cfb\u7edf\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5b89\u5168\u7f16\u7a0b\u63a5\u53e3\u548cJunos SDK\u3002\r\n\r\nJuniper Junos\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u6765\u5d29\u6e83\u5e76\u91cd\u65b0\u542f\u52a8\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\uff0c\u62d2\u7edd\u5bf9\u5408\u6cd5\u7528\u6237\u7684\u670d\u52a1\u3002",
  "discovererName": "Juniper Networks, Inc.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10777\u0026actp=METADATA",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06042",
  "openTime": "2017-05-06",
  "patchDescription": "Juniper Junos\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u7cfb\u7edf\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5b89\u5168\u7f16\u7a0b\u63a5\u53e3\u548cJunos SDK\u3002\r\n\r\nJuniper Junos\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u6765\u5d29\u6e83\u5e76\u91cd\u65b0\u542f\u52a8\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\uff0c\u62d2\u7edd\u5bf9\u5408\u6cd5\u7528\u6237\u7684\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Junos\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08NVD-C-2017-52652\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks, Inc. JUNOS  15.1X53-D30",
      "Juniper Networks, Inc. JUNOS  15.1X53-D20",
      "Juniper Networks, Inc. JUNOS  15.1X49-D20",
      "Juniper Networks, Inc. JUNOS  15.1X49-D15",
      "Juniper Networks, Inc. JUNOS  15.1X49-D10",
      "Juniper Networks, Inc. JUNOS  15.1R2",
      "Juniper Networks, Inc. JUNOS  15.1R1",
      "Juniper Networks, Inc. JUNOS  15.1F5-S2",
      "Juniper Networks, Inc. JUNOS  15.1F5",
      "Juniper Networks, Inc. JUNOS  15.1F4-S2",
      "Juniper Networks, Inc. JUNOS  15.1F4",
      "Juniper Networks, Inc. JUNOS  15.1F3",
      "Juniper Networks, Inc. JUNOS  15.1F2-S5",
      "Juniper Networks, Inc. JUNOS  15.1F2-S2",
      "Juniper Networks, Inc. JUNOS  15.1F2",
      "Juniper Networks, Inc. JUNOS  15.1F1",
      "Juniper Networks, Inc. JUNOS  14.1R7",
      "Juniper Networks, Inc. JUNOS  14.1R6-S1",
      "Juniper Networks, Inc. JUNOS  14.1R6",
      "Juniper Networks, Inc. JUNOS  14.1R5",
      "Juniper Networks, Inc. JUNOS  14.1R4-S7",
      "Juniper Networks, Inc. JUNOS  14.1R4",
      "Juniper Networks, Inc. JUNOS  14.1R3-S9",
      "Juniper Networks, Inc. JUNOS 14.1R3-S2",
      "Juniper Networks, Inc. JUNOS  14.1R3",
      "Juniper Networks, Inc. JUNOS  14.1R2",
      "Juniper Networks, Inc. JUNOS  14.1R1",
      "Juniper Networks, Inc. JUNOS  13.3R9",
      "Juniper Networks, Inc. JUNOS  13.3R8",
      "Juniper Networks, Inc. JUNOS  13.3R7-S3",
      "Juniper Networks, Inc. JUNOS  13.3R7",
      "Juniper Networks, Inc. JUNOS  13.3R6",
      "Juniper Networks, Inc. JUNOS  13.3R5",
      "Juniper Networks, Inc. JUNOS  13.3R4.6",
      "Juniper Networks, Inc. JUNOS  13.3R4",
      "Juniper Networks, Inc. JUNOS  13.3R3-S3",
      "Juniper Networks, Inc. JUNOS  13.3R3",
      "Juniper Networks, Inc. JUNOS  13.3R2-S3",
      "Juniper Networks, Inc. JUNOS  13.3R2-S2",
      "Juniper Networks, Inc. JUNOS  13.3R2",
      "Juniper Networks, Inc. JUNOS  13.3R1.8",
      "Juniper Networks, Inc. JUNOS  13.3R1.7",
      "Juniper Networks, Inc. JUNOS  13.3R1",
      "Juniper Networks, Inc. JUNOS 15.1R3",
      "Juniper Networks, Inc. JUNOS  15.1R4",
      "Juniper Networks, Inc. JUNOS 15.1X49-D60",
      "Juniper Networks, Inc. JUNOS  15.1X49-D40",
      "Juniper Networks, Inc. JUNOS  15.1X49-D30",
      "Juniper Networks, Inc. JUNOS 16.1R1",
      "Juniper Networks, Inc. JUNOS  15.1X53-D60",
      "Juniper Networks, Inc. JUNOS  15.1X53-D40",
      "Juniper Networks, Inc. JUNOS  15.1X53-D35"
    ]
  },
  "referenceLink": "http://securitytracker.com/id/1038252",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-20",
  "title": "Juniper Junos\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08NVD-C-2017-52652\uff09"
}

CVE-2017-2312 (GCVE-0-2017-2312)

Vulnerability from cvelistv5

Published

2017-04-24 15:00

Modified

2024-08-05 13:48

Severity ?

CWE

denial of service vulnerability due to memory leak

Summary

On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. The affected Junos versions are: 13.3 prior to 13.3R10; 14.1 prior to 14.1R8; 14.2 prior to 14.2R7-S6 or 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5; 15.1X49 before 15.1X49-D70; 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 before 16.1R2. 16.2R1 and all subsequent releases have a resolution for this vulnerability.

References

URL

Tags

	http://www.securityfocus.com/bid/97611	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1038252	vdb-entry, x_refsource_SECTRACK
	https://kb.juniper.net/JSA10777	x_refsource_CONFIRM