Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Junos DNSSEC validation Denial of Service

Information

Severity

Severity

High

Family

Family

JunOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

5 years ago

Share

Summary

Heavy DNSSEC validation load can cause assertion failure in Bind of Junos OS.

Insight

Insight

BIND stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure.

Affected Software

Affected Software

Junos OS software build before 2013-02-13.

Detection Method

Detection Method

Checks if a vulnerable OS build is present on the target host.

Solution

Solution

New builds of Junos OS software are available from Juniper. As a workaround disable the security extension if DNSSEC is not required by typing delete system services dns dnssec.

Common Vulnerabilities and Exposures (CVE)

References