Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Junos LDP DoS Vulnerability

Information

Severity

Severity

Medium

Family

Family

JunOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

5 years ago

Summary

Junos OS is prone to denial of service vulnerability when receiving crafted LDP packets.

Insight

Insight

A specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration. The interface on which the packet arrives needs to have LDP enabled.

Affected Software

Affected Software

Junos OS 13.3, 14.1, 14.2, 15.1 and 16.1

Detection Method

Detection Method

Checks if a vulnerable OS build is present on the target host.

Solution

Solution

New builds of Junos OS software are available from Juniper. As a workaround use access lists or firewall filters to limit access to the device via LDP only from trusted networks or hosts, or enable MD5 authentication on all authorized LDP sessions.

Common Vulnerabilities and Exposures (CVE)