Junos BGP FlowSpec Denial of Service Vulnerability

Summary
Junos OS with BGB FlowSpec enabled are vulnerable to a Denial of Service attack.
Impact
Exploiting this issue may allow remote attackers to crash and restart the RPD (Routing Protocol Daemon), causing denial-of-service conditions.
Solution
New builds of Junos OS software are available from Juniper.
Insight
Receipt of a malformed BGP FlowSpec prefix may cause the router to trigger an assert (programmatic crash) when detecting a certain specification violation. Rather than simply flagging, logging, and/or dropping the packet, the routing process daemon (rpd) will crash and restart.
Affected
Junos OS 11.4, 12.1, 12.2, 12.3 and 13.1
Detection
Check the OS build.
References

Updated on 2015-03-25