Vigil@nce - Junos: denial of service via regcomp
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a vulnerability in regcomp() of Junos, in
order to trigger a denial of service.
Impacted products: Juniper J-Series, JUNOS
Severity: 2/4
Creation date: 08/01/2014
DESCRIPTION OF THE VULNERABILITY
The bulletin VIGILANCE-VUL-10183 (https://vigilance.fr/tree/1/10183?w=66901)
describes a vulnerability which allows an attacker to stop an
application using the regcomp() function, when the attacker can
submit a special regular expression to this application.
Some Junos CLI commands accept regular expressions as
parameters.
An attacker can therefore trigger a vulnerability in regcomp() of
Junos, in order to trigger a denial of service.
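The following is an added example, not part of the bulletin and not Juniper code. It shows one defensive pattern for any application that must pass user-supplied patterns to regcomp(): compile the pattern first in a short-lived child process with a CPU limit, so that a crash or runaway inside regcomp() stops the child and not the application. The function name, result codes and both limits are assumptions chosen for illustration; it makes no claim about the specific flaw in Junos.

```c
/* Added example: vet an untrusted pattern by compiling it in a throwaway child. */
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum vet_result { VET_OK, VET_TOO_LONG, VET_INVALID, VET_CRASHED, VET_ERROR };

#define MAX_PATTERN_LEN 256   /* assumed policy limit, not from the bulletin */
#define CPU_LIMIT_SECS  2     /* assumed policy limit, not from the bulletin */

enum vet_result vet_pattern(const char *pattern)
{
    if (strlen(pattern) > MAX_PATTERN_LEN)
        return VET_TOO_LONG;              /* reject before regcomp() ever sees it */

    pid_t pid = fork();
    if (pid < 0)
        return VET_ERROR;
    if (pid == 0) {
        /* Child: bound CPU time, then compile. Any fault stays in this process. */
        struct rlimit cpu = { .rlim_cur = CPU_LIMIT_SECS, .rlim_max = CPU_LIMIT_SECS };
        setrlimit(RLIMIT_CPU, &cpu);
        regex_t re;
        int rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);
        if (rc == 0)
            regfree(&re);
        _exit(rc == 0 ? 0 : 1);           /* 0 = compiled, 1 = regcomp() refused it */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return VET_ERROR;
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == 0 ? VET_OK : VET_INVALID;
    return VET_CRASHED;                   /* child was killed by a signal */
}

int main(void)
{
    /* Constructed sample patterns, not taken from the bulletin. */
    const char *samples[] = { "^ge-[0-9]+/[0-9]+/[0-9]+$", "(unclosed" };
    for (size_t i = 0; i < 2; i++)
        printf("%-28s -> %d\n", samples[i], vet_pattern(samples[i]));
    return 0;
}
```

A VET_CRASHED result is worth logging with the submitting user and the pattern, since it indicates that an input reached a faulting path in the regex library.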
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Junos-denial-of-service-via-regcomp-14043