Juniper Junos BGP UPDATE 'rpd' Remote DoS (JSA10653)
High Nessus Plugin ID 78424
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to improper handling of BGP UPDATE messages using 4-byte AS numbers. A remote attacker can exploit this issue, by sending a specially crafted BGP UPDATE packet, to crash the 'rpd' process.
Note that this issue only affects devices with the BGP daemon enabled and support for 4-byte AS numbers.
SolutionApply the relevant Junos software release or workaround referenced in Juniper advisory JSA10653.