var-200712-0088
Vulnerability from variot
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability. BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability. Border Gateway Protocol (BGP) Is AS (Autonomous System) A widely used routing protocol. Between peer routers BGP The exchange of route information by means of is important in the stable operation of the Internet. Versions of JUNOS from 7.3 to 8.4 are reported vulnerable. NOTE: Multiple sources report that upgrading to JUNOS 8.5R1 or above will solve this issue, but this could not be confirmed at the time of writing. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies. AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more: http://secunia.com/network_software_inspector_2/
TITLE: ALAXALA Networks AX Series BGP UPDATE Message Processing Denial of Service
SECUNIA ADVISORY ID: SA30054
VERIFY ADVISORY: http://secunia.com/advisories/30054/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
OPERATING SYSTEM: ALAXALA Networks AX7800S Series http://secunia.com/product/5125/ ALAXALA Networks AX7800R Series http://secunia.com/product/5124/ ALAXALA Networks AX7700R http://secunia.com/product/11176/ ALAXALA Networks AX5400S Series http://secunia.com/product/5126/ ALAXALA Networks AX3600S Series http://secunia.com/product/11174/ ALAXALA Networks AX2400S Series http://secunia.com/product/11175/ ALAXALA Networks AX2000R Series http://secunia.com/product/11177/
DESCRIPTION: A vulnerability has been reported in ALAXALA Networks AX series, which can be exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION: Restrict network access on affected systems.
PROVIDED AND/OR DISCOVERED BY: Reported via US-CERT.
ORIGINAL ADVISORY: US-CERT VU#929656: http://www.kb.cert.org/vuls/id/929656
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.
SOLUTION: Apply updates (contact the vendor for more information)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200712-0088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "eq",
"trust": 1.9,
"vendor": "juniper",
"version": "8.4"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.9,
"vendor": "juniper",
"version": "7.3"
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "avici",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "century",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "extreme",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "juniper",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "yamaha",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.6"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "8.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.4"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "7.5"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "8.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "8.3"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "8.0"
},
{
"model": "gr4000",
"scope": null,
"trust": 1.1,
"vendor": "hitachi",
"version": null
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "8724sl v2"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "8724sl"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "8748sl"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "8724xl"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "8748xl"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "8948xl"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "9606sx/sc"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "9606t"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "9816gb"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "9812t"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "9924t/4sp"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "9924sp"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "9924ts"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "ar410 v2/ar410s v2"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "ar415s"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "ar450s"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "ar550s"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "ar570s"
},
{
"model": "centrecom",
"scope": "eq",
"trust": 0.8,
"vendor": "allied telesis",
"version": "ar740/ar740s"
},
{
"model": "switchblade 5400s series",
"scope": null,
"trust": 0.8,
"vendor": "allied telesis",
"version": null
},
{
"model": "switchblade 7800r series",
"scope": null,
"trust": 0.8,
"vendor": "allied telesis",
"version": null
},
{
"model": "switchblade 7800s series",
"scope": null,
"trust": 0.8,
"vendor": "allied telesis",
"version": null
},
{
"model": "switchblade4000",
"scope": null,
"trust": 0.8,
"vendor": "allied telesis",
"version": null
},
{
"model": "ax2000r series",
"scope": null,
"trust": 0.8,
"vendor": "alaxala",
"version": null
},
{
"model": "ax3600s series",
"scope": null,
"trust": 0.8,
"vendor": "alaxala",
"version": null
},
{
"model": "ax5400s series",
"scope": null,
"trust": 0.8,
"vendor": "alaxala",
"version": null
},
{
"model": "ax6300s series",
"scope": null,
"trust": 0.8,
"vendor": "alaxala",
"version": null
},
{
"model": "ax6700s series",
"scope": null,
"trust": 0.8,
"vendor": "alaxala",
"version": null
},
{
"model": "ax7700r series",
"scope": null,
"trust": 0.8,
"vendor": "alaxala",
"version": null
},
{
"model": "ax7800r series",
"scope": null,
"trust": 0.8,
"vendor": "alaxala",
"version": null
},
{
"model": "ax7800s series",
"scope": null,
"trust": 0.8,
"vendor": "alaxala",
"version": null
},
{
"model": "xr-440",
"scope": "eq",
"trust": 0.8,
"vendor": "century",
"version": "1.7.7 before"
},
{
"model": "xr-540",
"scope": "eq",
"trust": 0.8,
"vendor": "century",
"version": "3.5.0 before"
},
{
"model": "xr-730",
"scope": "eq",
"trust": 0.8,
"vendor": "century",
"version": "3.4.0 before"
},
{
"model": "rt105 series",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rt107e",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rt140 series",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rt250i",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rt300i",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx1000",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx1100",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx1500",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx2000",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "rtx3000",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "srt100",
"scope": null,
"trust": 0.8,
"vendor": "yamaha",
"version": null
},
{
"model": "fitelnet-f series",
"scope": "eq",
"trust": 0.8,
"vendor": "furukawa electric",
"version": "fitelnet-f40"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "1000"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "107e"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "1100"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "1500"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "250i"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "3000"
},
{
"model": "ip38x series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "sr100"
},
{
"model": "ip8800/s,/r",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "s300"
},
{
"model": "ip8800/s,/r",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "s400"
},
{
"model": "ip8800/s,/r",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "r400 (ax7800s"
},
{
"model": "ip8800/s,/r",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "5400s"
},
{
"model": "ip8800/s,/r",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "7800r)"
},
{
"model": "ip8800/s,/r",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "s3600 (ax3600s)"
},
{
"model": "ip8800/s,/r",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "s6300"
},
{
"model": "ip8800/s,/r",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "s6700 (ax6300s"
},
{
"model": "ip8800/s,/r",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "6700s)"
},
{
"model": "juniper t/m/mx-series router",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "gr2000",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "gs3000",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "gs4000",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "junos 8.5.r1",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "gr3000",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "gr2000-bh",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "gr2000-2b+",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "gr2000-2b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "gr2000-1b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "alaxala ax",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "networks ax7800s",
"scope": null,
"trust": 0.3,
"vendor": "alaxala",
"version": null
},
{
"model": "networks ax7800r",
"scope": null,
"trust": 0.3,
"vendor": "alaxala",
"version": null
},
{
"model": "networks ax7700r",
"scope": "eq",
"trust": 0.3,
"vendor": "alaxala",
"version": "0"
},
{
"model": "networks ax5400s",
"scope": null,
"trust": 0.3,
"vendor": "alaxala",
"version": null
},
{
"model": "networks ax3600s",
"scope": "eq",
"trust": 0.3,
"vendor": "alaxala",
"version": "0"
},
{
"model": "networks ax2400s",
"scope": "eq",
"trust": 0.3,
"vendor": "alaxala",
"version": "0"
},
{
"model": "networks ax2000r",
"scope": "eq",
"trust": 0.3,
"vendor": "alaxala",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "BID",
"id": "26869"
},
{
"db": "BID",
"id": "28999"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001337"
},
{
"db": "NVD",
"id": "CVE-2007-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-169"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6372"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-169"
}
],
"trust": 0.6
},
"cve": "CVE-2007-6372",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-6372",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-29734",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-6372",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#929656",
"trust": 1.6,
"value": "24.49"
},
{
"author": "CNNVD",
"id": "CNNVD-200712-169",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-29734",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "VULHUB",
"id": "VHN-29734"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001337"
},
{
"db": "NVD",
"id": "CVE-2007-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-169"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability. BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability. Border Gateway Protocol (BGP) Is AS (Autonomous System) A widely used routing protocol. Between peer routers BGP The exchange of route information by means of is important in the stable operation of the Internet. \nVersions of JUNOS from 7.3 to 8.4 are reported vulnerable. \nNOTE: Multiple sources report that upgrading to JUNOS 8.5R1 or above will solve this issue, but this could not be confirmed at the time of writing. It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies. \nAlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company\u0027s hardware system. The operating system provides a secure programming interface and Junos SDK. There is a loophole in the implementation of the BGP protocol in JUNOS, and a remote attacker may take advantage of this loophole. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\nLearn more:\nhttp://secunia.com/network_software_inspector_2/\n\n----------------------------------------------------------------------\n\nTITLE:\nALAXALA Networks AX Series BGP UPDATE Message Processing Denial of\nService\n\nSECUNIA ADVISORY ID:\nSA30054\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/30054/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nALAXALA Networks AX7800S Series\nhttp://secunia.com/product/5125/\nALAXALA Networks AX7800R Series\nhttp://secunia.com/product/5124/\nALAXALA Networks AX7700R\nhttp://secunia.com/product/11176/\nALAXALA Networks AX5400S Series\nhttp://secunia.com/product/5126/\nALAXALA Networks AX3600S Series\nhttp://secunia.com/product/11174/\nALAXALA Networks AX2400S Series\nhttp://secunia.com/product/11175/\nALAXALA Networks AX2000R Series\nhttp://secunia.com/product/11177/\n\nDESCRIPTION:\nA vulnerability has been reported in ALAXALA Networks AX series,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService). \n\nSOLUTION:\nRestrict network access on affected systems. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported via US-CERT. \n\nORIGINAL ADVISORY:\nUS-CERT VU#929656:\nhttp://www.kb.cert.org/vuls/id/929656\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nSOLUTION:\nApply updates (contact the vendor for more information)",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6372"
},
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001337"
},
{
"db": "BID",
"id": "26869"
},
{
"db": "BID",
"id": "28999"
},
{
"db": "VULHUB",
"id": "VHN-29734"
},
{
"db": "PACKETSTORM",
"id": "66123"
},
{
"db": "PACKETSTORM",
"id": "66130"
},
{
"db": "PACKETSTORM",
"id": "61855"
}
],
"trust": 3.96
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#929656",
"trust": 4.9
},
{
"db": "NVD",
"id": "CVE-2007-6372",
"trust": 4.7
},
{
"db": "SECUNIA",
"id": "28100",
"trust": 4.2
},
{
"db": "SECTRACK",
"id": "1019100",
"trust": 4.1
},
{
"db": "BID",
"id": "26869",
"trust": 3.6
},
{
"db": "OSVDB",
"id": "39157",
"trust": 3.3
},
{
"db": "BID",
"id": "28999",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "30028",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2007-4223",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001337",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "11289",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200712-169",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "30054",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-29734",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "66123",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "66130",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61855",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "VULHUB",
"id": "VHN-29734"
},
{
"db": "BID",
"id": "26869"
},
{
"db": "BID",
"id": "28999"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001337"
},
{
"db": "PACKETSTORM",
"id": "66123"
},
{
"db": "PACKETSTORM",
"id": "66130"
},
{
"db": "PACKETSTORM",
"id": "61855"
},
{
"db": "NVD",
"id": "CVE-2007-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-169"
}
]
},
"id": "VAR-200712-0088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-29734"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:39:34.724000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "20080513",
"trust": 0.8,
"url": "http://www.furukawa.co.jp/fitelnet/topic/vulnera_20080513.html"
},
{
"title": "JPCERT91637337",
"trust": 0.8,
"url": "http://www.centurysys.co.jp/support/xr_common/jpcert91637337.html"
},
{
"title": "NV08-004",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv08-004.html"
},
{
"title": "VU929656",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/vu929656.html"
},
{
"title": "20081024",
"trust": 0.8,
"url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20081024.html"
},
{
"title": "AX-VU2008-01",
"trust": 0.8,
"url": "http://www.alaxala.com/jp/support/security/20080508.html"
},
{
"title": "BGP_UPDATE",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/network/notice/bgp_update.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001337"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29734"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001337"
},
{
"db": "NVD",
"id": "CVE-2007-6372"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.securityfocus.com/bid/26869"
},
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/929656"
},
{
"trust": 3.0,
"url": "http://www.frsirt.com/english/advisories/2007/4223"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/28999"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/28100"
},
{
"trust": 2.4,
"url": "http://jvn.jp/cert/jvnvu929656/index.html"
},
{
"trust": 2.4,
"url": "http://securitytracker.com/alerts/2007/dec/1019100.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28100/"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30028/"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/39157"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1019100"
},
{
"trust": 1.6,
"url": "http://tools.ietf.org/html/rfc4271"
},
{
"trust": 1.6,
"url": "http://www.iana.org/assignments/bgp-parameters"
},
{
"trust": 1.6,
"url": "http://tools.ietf.org/html/rfc2385"
},
{
"trust": 1.6,
"url": "http://tools.ietf.org/html/rfc2439"
},
{
"trust": 1.6,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6372"
},
{
"trust": 1.6,
"url": "https://www.juniper.net/alerts/viewalert.jsp?actionbtn=search\u0026txtalertnumber=psn-2007-12-008\u0026viewmod%20e=view"
},
{
"trust": 1.6,
"url": "http://isc.sans.org/diary.php?storyid=3748"
},
{
"trust": 1.6,
"url": "https://puck.nether.net/pipermail/juniper-nsp/2007-december/009294.html"
},
{
"trust": 1.6,
"url": "https://puck.nether.net/pipermail/juniper-nsp/2007-december/009299.html"
},
{
"trust": 1.6,
"url": "http://osvdb.org/show/osvdb/39157"
},
{
"trust": 1.6,
"url": "http://www.team-cymru.org/?sec=13\u0026opt=28"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/4223"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6372"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6372"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/11289"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/network_software_inspector_2/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5126/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11176/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11174/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11177/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30054/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5125/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/11175/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5124/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5131/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5129/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10974/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "https://www.juniper.net/alerts/viewalert.jsp?actionbtn=search\u0026txtalertnumber=psn-2007-12-008\u0026viewmod"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "VULHUB",
"id": "VHN-29734"
},
{
"db": "BID",
"id": "26869"
},
{
"db": "BID",
"id": "28999"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001337"
},
{
"db": "PACKETSTORM",
"id": "66123"
},
{
"db": "PACKETSTORM",
"id": "66130"
},
{
"db": "PACKETSTORM",
"id": "61855"
},
{
"db": "NVD",
"id": "CVE-2007-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-169"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "VULHUB",
"id": "VHN-29734"
},
{
"db": "BID",
"id": "26869"
},
{
"db": "BID",
"id": "28999"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001337"
},
{
"db": "PACKETSTORM",
"id": "66123"
},
{
"db": "PACKETSTORM",
"id": "66130"
},
{
"db": "PACKETSTORM",
"id": "61855"
},
{
"db": "NVD",
"id": "CVE-2007-6372"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-169"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-05-01T00:00:00",
"db": "CERT/CC",
"id": "VU#929656"
},
{
"date": "2008-05-01T00:00:00",
"db": "CERT/CC",
"id": "VU#929656"
},
{
"date": "2007-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-29734"
},
{
"date": "2007-12-14T00:00:00",
"db": "BID",
"id": "26869"
},
{
"date": "2008-05-01T00:00:00",
"db": "BID",
"id": "28999"
},
{
"date": "2008-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001337"
},
{
"date": "2008-05-08T17:30:50",
"db": "PACKETSTORM",
"id": "66123"
},
{
"date": "2008-05-08T17:30:50",
"db": "PACKETSTORM",
"id": "66130"
},
{
"date": "2007-12-18T00:56:59",
"db": "PACKETSTORM",
"id": "61855"
},
{
"date": "2007-12-15T01:46:00",
"db": "NVD",
"id": "CVE-2007-6372"
},
{
"date": "2007-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-169"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-09T00:00:00",
"db": "CERT/CC",
"id": "VU#929656"
},
{
"date": "2009-06-09T00:00:00",
"db": "CERT/CC",
"id": "VU#929656"
},
{
"date": "2011-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-29734"
},
{
"date": "2008-05-05T13:46:00",
"db": "BID",
"id": "26869"
},
{
"date": "2016-07-06T14:17:00",
"db": "BID",
"id": "28999"
},
{
"date": "2008-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001337"
},
{
"date": "2011-04-29T04:00:00",
"db": "NVD",
"id": "CVE-2007-6372"
},
{
"date": "2007-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-169"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "26869"
},
{
"db": "BID",
"id": "28999"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BGP implementations do not properly handle UPDATE messages",
"sources": [
{
"db": "CERT/CC",
"id": "VU#929656"
},
{
"db": "CERT/CC",
"id": "VU#929656"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "26869"
},
{
"db": "BID",
"id": "28999"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.