CVE-2018-0029: Junos OS: Kernel crash (vmcore) during broadcast storm after enabling 'monitor traffic interface fxp0'
First published: Wed Jul 11 2018(Updated: )
While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Junos | =15.1 | |
| Juniper Junos | =15.1-a1 | |
| Juniper Junos | =15.1-f1 | |
| Juniper Junos | =15.1-f2 | |
| Juniper Junos | =15.1-f2-s1 | |
| Juniper Junos | =15.1-f2-s2 | |
| Juniper Junos | =15.1-f2-s3 | |
| Juniper Junos | =15.1-f2-s4 | |
| Juniper Junos | =15.1-f3 | |
| Juniper Junos | =15.1-f4 | |
| Juniper Junos | =15.1-f5 | |
| Juniper Junos | =15.1-f6 | |
| Juniper Junos | =15.1-r4-s9 | |
| Juniper Junos | =15.1-r6-s6 | |
| Juniper Junos | =15.1-r7 | |
| Juniper Junos | =15.1x49 | |
| Juniper Junos | =15.1x49-d10 | |
| Juniper Junos | =15.1x49-d100 | |
| Juniper Junos | =15.1x49-d110 | |
| Juniper Junos | =15.1x49-d120 | |
| Juniper Junos | =15.1x49-d130 | |
| Juniper Junos | =15.1x49-d20 | |
| Juniper Junos | =15.1x49-d30 | |
| Juniper Junos | =15.1x49-d35 | |
| Juniper Junos | =15.1x49-d40 | |
| Juniper Junos | =15.1x49-d45 | |
| Juniper Junos | =15.1x49-d50 | |
| Juniper Junos | =15.1x49-d55 | |
| Juniper Junos | =15.1x49-d60 | |
| Juniper Junos | =15.1x49-d65 | |
| Juniper Junos | =15.1x49-d70 | |
| Juniper Junos | =15.1x49-d75 | |
| Juniper Junos | =15.1x49-d80 | |
| Juniper Junos | =15.1x49-d90 | |
| Juniper Junos | =15.1x53 | |
| Juniper Junos | =15.1x53-d20 | |
| Juniper Junos | =15.1x53-d21 | |
| Juniper Junos | =15.1x53-d25 | |
| Juniper Junos | =15.1x53-d30 | |
| Juniper Junos | =15.1x53-d32 | |
| Juniper Junos | =15.1x53-d33 | |
| Juniper Junos | =15.1x53-d34 | |
| Juniper Junos | =15.1x53-d40 | |
| Juniper Junos | =15.1x53-d45 | |
| Juniper Junos | =15.1x53-d50 | |
| Juniper Junos | =15.1x53-d51 | |
| Juniper Junos | =15.1x53-d52 | |
| Juniper Junos | =15.1x53-d55 | |
| Juniper Junos | =15.1x53-d56 | |
| Juniper Junos | =15.1x53-d57 | |
| Juniper Junos | =15.1x53-d58 | |
| Juniper EX2300-24T | ||
| Juniper EX3400 | ||
| Juniper Junos | =15.1x53-d210 | |
| Juniper Junos | =15.1x53-d230 | |
| Juniper Junos | =15.1x53-d231 | |
| Juniper Junos | =15.1x53-d232 | |
| Juniper Junos | =15.1x53-d60 | |
| Juniper Junos | =15.1x53-d61 | |
| Juniper Junos | =15.1x53-d62 | |
| Juniper Junos | =15.1x53-d63 | |
| Juniper Junos | =15.1x53-d64 | |
| Juniper Junos | =15.1x53-d65 | |
| Juniper Junos | =15.1x53-d66 | |
| Juniper QFX5110 | ||
| Juniper QFX5200-48Y | ||
| Juniper NFX | ||
| Juniper Junos | =16.1 | |
| Juniper Junos | =16.1-r1 | |
| Juniper Junos | =16.1-r2 | |
| Juniper Junos | =16.1-r3 | |
| Juniper Junos | =16.1-r5-s4 | |
| Juniper Junos | =16.1-r6-s1 | |
| Juniper Junos | =16.1-r7 | |
| Juniper Junos | =16.2 | |
| Juniper Junos | =16.2-r1 | |
| Juniper Junos | =16.2-r2-s5 | |
| Juniper Junos | =16.2-r3 | |
| Juniper Junos | =17.1 | |
| Juniper Junos | =17.1-r1 | |
| Juniper Junos | =17.1-r2 | |
| Juniper Junos | =17.1-r2-s7 | |
| Juniper Junos | =17.1-r3 | |
| Juniper Junos | =17.2x75 | |
| Juniper Junos | =17.2x75-d110 | |
| Juniper Junos | =17.3 | |
| Juniper Junos | =17.3-r1 | |
| Juniper Junos | =17.3-r2 | |
| Juniper Junos | =17.4 | |
| Juniper Junos | =17.4-r1 | |
| Juniper Junos | =17.4-r2 | |
| Juniper Junos | =17.2 | |
| Juniper Junos | =17.2-r1 | |
| Juniper Junos | =17.2-r2 | |
| Juniper Junos | =17.2-r2-s4 | |
| Juniper Junos | =17.2-r3 |
Remedy
The following software releases have been updated to resolve this specific issue: 15.1F6-S11*, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D110, 17.2X75-D90, 17.3R1-S4, 17.3R2, 17.4R1-S3, 17.4R2, 18.1R1, 18.1X75-D10, and all subsequent releases. *Future availability
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-0029?
CVE-2018-0029 has a high severity level as it can cause system crashes and restarts during a broadcast storm when the fxp0 interface is in promiscuous mode.
How do I fix CVE-2018-0029?
To mitigate CVE-2018-0029, avoid placing the fxp0 interface into promiscuous mode, especially during a broadcast storm.
Which versions of Junos OS are affected by CVE-2018-0029?
CVE-2018-0029 affects Junos OS versions 15.1 and later, including all relevant updates and revisions.
What devices are impacted by CVE-2018-0029?
Devices running Junos OS 15.1 and later, including single core and multi-core RE platforms, are impacted by CVE-2018-0029.
Is there a patch available for CVE-2018-0029?
Yes, Juniper Networks provides patches in subsequent updates of Junos OS that address the vulnerability described in CVE-2018-0029.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/15.1
- version/juniper junos/15.1-a1
- version/juniper junos/15.1-f1
- version/juniper junos/15.1-f2
- version/juniper junos/15.1-f2-s1
- version/juniper junos/15.1-f2-s2
- version/juniper junos/15.1-f2-s3
- version/juniper junos/15.1-f2-s4
- version/juniper junos/15.1-f3
- version/juniper junos/15.1-f4
- version/juniper junos/15.1-f5
- version/juniper junos/15.1-f6
- version/juniper junos/15.1-r4-s9
- version/juniper junos/15.1-r6-s6
- version/juniper junos/15.1-r7
- version/juniper junos/15.1x49
- version/juniper junos/15.1x49-d10
- version/juniper junos/15.1x49-d100
- version/juniper junos/15.1x49-d110
- version/juniper junos/15.1x49-d120
- version/juniper junos/15.1x49-d130
- version/juniper junos/15.1x49-d20
- version/juniper junos/15.1x49-d30
- version/juniper junos/15.1x49-d35
- version/juniper junos/15.1x49-d40
- version/juniper junos/15.1x49-d45
- version/juniper junos/15.1x49-d50
- version/juniper junos/15.1x49-d55
- version/juniper junos/15.1x49-d60
- version/juniper junos/15.1x49-d65
- version/juniper junos/15.1x49-d70
- version/juniper junos/15.1x49-d75
- version/juniper junos/15.1x49-d80
- version/juniper junos/15.1x49-d90
- version/juniper junos/15.1x53
- version/juniper junos/15.1x53-d20
- version/juniper junos/15.1x53-d21
- version/juniper junos/15.1x53-d25
- version/juniper junos/15.1x53-d30
- version/juniper junos/15.1x53-d32
- version/juniper junos/15.1x53-d33
- version/juniper junos/15.1x53-d34
- version/juniper junos/15.1x53-d40
- version/juniper junos/15.1x53-d45
- version/juniper junos/15.1x53-d50
- version/juniper junos/15.1x53-d51
- version/juniper junos/15.1x53-d52
- version/juniper junos/15.1x53-d55
- version/juniper junos/15.1x53-d56
- version/juniper junos/15.1x53-d57
- version/juniper junos/15.1x53-d58
- canonical/juniper ex2300-24t
- canonical/juniper ex3400
- version/juniper junos/15.1x53-d210
- version/juniper junos/15.1x53-d230
- version/juniper junos/15.1x53-d231
- version/juniper junos/15.1x53-d232
- version/juniper junos/15.1x53-d60
- version/juniper junos/15.1x53-d61
- version/juniper junos/15.1x53-d62
- version/juniper junos/15.1x53-d63
- version/juniper junos/15.1x53-d64
- version/juniper junos/15.1x53-d65
- version/juniper junos/15.1x53-d66
- canonical/juniper qfx5110
- canonical/juniper qfx5200-48y
- canonical/juniper nfx
- version/juniper junos/16.1
- version/juniper junos/16.1-r1
- version/juniper junos/16.1-r2
- version/juniper junos/16.1-r3
- version/juniper junos/16.1-r5-s4
- version/juniper junos/16.1-r6-s1
- version/juniper junos/16.1-r7
- version/juniper junos/16.2
- version/juniper junos/16.2-r1
- version/juniper junos/16.2-r2-s5
- version/juniper junos/16.2-r3
- version/juniper junos/17.1
- version/juniper junos/17.1-r1
- version/juniper junos/17.1-r2
- version/juniper junos/17.1-r2-s7
- version/juniper junos/17.1-r3
- version/juniper junos/17.2x75
- version/juniper junos/17.2x75-d110
- version/juniper junos/17.3
- version/juniper junos/17.3-r1
- version/juniper junos/17.3-r2
- version/juniper junos/17.4
- version/juniper junos/17.4-r1
- version/juniper junos/17.4-r2
- version/juniper junos/17.2
- version/juniper junos/17.2-r1
- version/juniper junos/17.2-r2
- version/juniper junos/17.2-r2-s4
- version/juniper junos/17.2-r3