CVE-2014-0616

Name of the Vulnerable Software and Affected Versions Juniper Junos versions 10.4 before 10.4R16 Juniper Junos versions 11.4 before 11.4R10 Juniper Junos versions 12.1R before 12.1R8-S2 Juniper Junos versions 12.1X44 before 12.1X44-D30 Juniper Junos versions 12.1X45 before 12.1X45-D20 Juniper Junos versions 12.1X46 before 12.1X46-D10 Juniper Junos versions 12.2 before 12.2R7 Juniper Junos versions 12.3 before 12.3R4-S2 Juniper Junos versions 13.1 before 13.1R3-S1 Juniper Junos versions 13.2 before 13.2R2 Juniper Junos versions 13.3 before 13.3R1

Description The issue allows remote attackers to cause a denial of service via a large BGP UPDATE message, which immediately triggers a withdraw message to be sent. This can be demonstrated by a long AS PATH and a large number of BGP Communities.

Recommendations For Juniper Junos versions 10.4 before 10.4R16, update to version 10.4R16 or later. For Juniper Junos versions 11.4 before 11.4R10, update to version 11.4R10 or later. For Juniper Junos versions 12.1R before 12.1R8-S2, update to version 12.1R8-S2 or later. For Juniper Junos versions 12.1X44 before 12.1X44-D30, update to version 12.1X44-D30 or later. For Juniper Junos versions 12.1X45 before 12.1X45-D20, update to version 12.1X45-D20 or later. For Juniper Junos versions 12.1X46 before 12.1X46-D10, update to version 12.1X46-D10 or later. For Juniper Junos versions 12.2 before 12.2R7, update to version 12.2R7 or later. For Juniper Junos versions 12.3 before 12.3R4-S2, update to version 12.3R4-S2 or later. For Juniper Junos versions 13.1 before 13.1R3-S1, update to version 13.1R3-S1 or later. For Juniper Junos versions 13.2 before 13.2R2, update to version 13.2R2 or later. For Juniper Junos versions 13.3 before 13.3R1, update to version 13.3R1 or later.