Vigil@nce - Juniper JunOS: NULL pointer dereference via RPD
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a NULL pointer to be dereferenced in RPD of
Juniper JunOS, in order to trigger a denial of service.
– Impacted products: Juniper J-Series, JUNOS.
– Severity: 2/4.
– Creation date: 09/07/2015.
DESCRIPTION OF THE VULNERABILITY
The Juniper JunOS product includes an rpd server process, which
handles IBGS network traffic.
However, while exchanging labels for MPLS, this daemon may
dereference a NULL pointer, which leads to server termination.
An attacker can therefore force a NULL pointer to be dereferenced
in RPD of Juniper JunOS, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Juniper-JunOS-NULL-pointer-dereference-via-RPD-17335