CVE-2018-0049: Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash.
First published: Wed Oct 10 2018(Updated: )
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 12.3R12-S10; 12.3X48 versions above and including 12.3X48-D66 prior to 12.3X48-D75 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions above and including 14.1X53-D115 prior to 14.1X53-D130 on QFabric System; 15.1 versions above and including 15.1F6-S10; 15.1R4-S9; 15.1R6-S6; 15.1 versions above and including 15.1R7 prior to 15.1R7-S2; 15.1X49 versions above and including 15.1X49-D131 prior to 15.1X49-D150 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 15.1X53 versions above 15.1X53-D233 prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions up to and including 15.1X53-D471 prior to 15.1X53-D590 on NFX150, NFX250; 15.1X53-D67 on QFX10000 Series; 15.1X53-D59 on EX2300/EX3400; 16.1 versions above and including 16.1R3-S8; 16.1 versions above and including 16.1R4-S9 prior to 16.1R4-S12; 16.1 versions above and including 16.1R5-S4; 16.1 versions above and including 16.1R6-S3 prior to 16.1R6-S6; 16.1 versions above and including 16.1R7 prior to 16.1R7-S2; 16.2 versions above and including 16.2R1-S6; 16.2 versions above and including 16.2R2-S5 prior to 16.2R2-S7; 17.1R1-S7; 17.1 versions above and including 17.1R2-S7 prior to 17.1R2-S9; 17.2R1-S6; 17.2 versions above and including 17.2R2-S4 prior to 17.2R2-S6; 17.2X75 versions above and including 17.2X75-D100 prior to X17.2X75-D101, 17.2X75-D110; 17.3 versions above and including 17.3R1-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3 versions above and including 17.3R2-S2 prior to 17.3R2-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4 versions above and including 17.4R1-S3 prior to 17.4R1-S5 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.1 versions above and including 18.1R2 prior to 18.1R2-S3, 18.1R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2 versions above and including 18.2R1 prior to 18.2R1-S2, 18.2R1-S3, 18.2R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2X75 versions above and including 18.2X75-D5 prior to 18.2X75-D20.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =12.1x46-d76 | |
| Juniper JUNOS | =12.1x46-d77 | |
| Juniper JUNOS | =12.3x48-d66 | |
| Juniper JUNOS | =12.3x48-d70 | |
| Juniper Srx100 | ||
| Juniper Srx110 | ||
| Juniper Srx1400 | ||
| Juniper Srx1500 | ||
| Juniper Srx210 | ||
| Juniper Srx220 | ||
| Juniper Srx240 | ||
| Juniper Srx240h2 | ||
| Juniper Srx300 | ||
| Juniper Srx320 | ||
| Juniper Srx340 | ||
| Juniper Srx3400 | ||
| Juniper Srx345 | ||
| Juniper Srx3600 | ||
| Juniper Srx380 | ||
| Juniper Srx4000 | ||
| Juniper Srx4100 | ||
| Juniper Srx4200 | ||
| Juniper Srx4600 | ||
| Juniper Srx5000 | ||
| Juniper Srx5400 | ||
| Juniper Srx550 | ||
| Juniper Srx550 Hm | ||
| Juniper Srx550m | ||
| Juniper Srx5600 | ||
| Juniper Srx5800 | ||
| Juniper Srx650 | ||
| Juniper JUNOS | =12.3-r12-s10 | |
| Juniper JUNOS | =15.1-f6-s10 | |
| Juniper JUNOS | =15.1-f6-s12 | |
| Juniper JUNOS | =15.1-f7 | |
| Juniper JUNOS | =15.1-r | |
| Juniper JUNOS | =15.1-r1 | |
| Juniper JUNOS | =15.1-r2 | |
| Juniper JUNOS | =15.1-r3 | |
| Juniper JUNOS | =15.1-r4 | |
| Juniper JUNOS | =15.1-r4-s7 | |
| Juniper JUNOS | =15.1-r4-s8 | |
| Juniper JUNOS | =15.1-r4-s9 | |
| Juniper JUNOS | =15.1-r5 | |
| Juniper JUNOS | =15.1-r5-s1 | |
| Juniper JUNOS | =15.1-r5-s3 | |
| Juniper JUNOS | =15.1-r5-s5 | |
| Juniper JUNOS | =15.1-r5-s6 | |
| Juniper JUNOS | =15.1-r6 | |
| Juniper JUNOS | =15.1-r6-s1 | |
| Juniper JUNOS | =15.1-r6-s2 | |
| Juniper JUNOS | =15.1-r6-s3 | |
| Juniper JUNOS | =15.1-r6-s4 | |
| Juniper JUNOS | =15.1-r6-s6 | |
| Juniper JUNOS | =15.1-r7 | |
| Juniper JUNOS | =15.1-r7-s1 | |
| Juniper JUNOS | =16.1-r3-s8 | |
| Juniper JUNOS | =16.1-r4 | |
| Juniper JUNOS | =16.1-r4-s2 | |
| Juniper JUNOS | =16.1-r4-s3 | |
| Juniper JUNOS | =16.1-r4-s4 | |
| Juniper JUNOS | =16.1-r4-s6 | |
| Juniper JUNOS | =16.1-r4-s8 | |
| Juniper JUNOS | =16.1-r4-s9 | |
| Juniper JUNOS | =16.1-r5-s4 | |
| Juniper JUNOS | =16.1-r6 | |
| Juniper JUNOS | =16.1-r6-s1 | |
| Juniper JUNOS | =16.1-r6-s3 | |
| Juniper JUNOS | =16.1-r6-s4 | |
| Juniper JUNOS | =16.1-r7 | |
| Juniper JUNOS | =16.2-r1-s6 | |
| Juniper JUNOS | =16.2-r2 | |
| Juniper JUNOS | =16.2-r2-s1 | |
| Juniper JUNOS | =16.2-r2-s10 | |
| Juniper JUNOS | =16.2-r2-s2 | |
| Juniper JUNOS | =16.2-r2-s5 | |
| Juniper JUNOS | =16.2-r2-s6 | |
| Juniper JUNOS | =17.1-r1-s7 | |
| Juniper JUNOS | =17.1-r2-s7 | |
| Juniper JUNOS | =17.1-r2-s8 | |
| Juniper JUNOS | =17.2-r1-s6 | |
| Juniper JUNOS | =17.2-r2-s4 | |
| Juniper JUNOS | =17.2x75-d100 | |
| Juniper JUNOS | =18.2x75-d12 | |
| Juniper JUNOS | =18.2x75-d5 | |
| Juniper JUNOS | =14.1x53-d47 | |
| Juniper Ex2200 | ||
| Juniper Ex2200-vc | ||
| Juniper Ex3200 | ||
| Juniper Ex3300 | ||
| Juniper Ex3300-vc | ||
| Juniper Ex4200 | ||
| Juniper Ex4300 | ||
| Juniper Ex4550 | ||
| Juniper Ex4550-vc | ||
| Juniper EX4600 | ||
| Juniper Ex6200 | ||
| Juniper Ex8200 | ||
| Juniper Ex8200-vc | ||
| Juniper Qfx3500 | ||
| Juniper Qfx3600 | ||
| Juniper Qfx5100 | ||
| Juniper JUNOS | =15.1x49-d131 | |
| Juniper JUNOS | =15.1x49-d140 | |
| Juniper JUNOS | =17.3-r1-s4 | |
| Juniper JUNOS | =17.3-r2 | |
| Juniper JUNOS | =17.3-r2-s1 | |
| Juniper JUNOS | =17.3-r2-s2 | |
| Juniper JUNOS | =17.3-r2-s3 | |
| Juniper JUNOS | =17.3-r3 | |
| Juniper JUNOS | =17.4-r1-s3 | |
| Juniper JUNOS | =17.4-r1-s4 | |
| Juniper JUNOS | =17.4-r2 | |
| Juniper JUNOS | =18.1-r2 | |
| Juniper JUNOS | =18.1-r2-s1 | |
| Juniper JUNOS | =18.1-r2-s2 | |
| Juniper JUNOS | =18.2-r1 | |
| Juniper Srx240m | ||
| Juniper JUNOS | =15.1x53-d233 | |
| Juniper JUNOS | =15.1x53-d234 | |
| Juniper Qfx5110 | ||
| Juniper Qfx5200 | ||
| Juniper JUNOS | =15.1x53-d471 | |
| Juniper JUNOS | =15.1x53-d490 | |
| Juniper JUNOS | =15.1x53-d495 | |
| Juniper Nfx150 | ||
| Juniper Nfx250 | ||
| Juniper JUNOS | =15.1x53-d67 | |
| Juniper Qfx10000 | ||
| Juniper Qfx10002 | ||
| Juniper Qfx10002-32q | ||
| Juniper Qfx10002-60c | ||
| Juniper Qfx10002-72q | ||
| Juniper Qfx10008 | ||
| Juniper Qfx10016 | ||
| Juniper JUNOS | =15.1x53-d59 | |
| Juniper Ex2300 | ||
| Juniper Ex3400 |
Remedy
The following software releases have been updated to resolve this specific issue: 12.1X46-D81, 12.3R12-S11, 12.3X48-D75, 14.1X53-D130, 14.1X53-D48, 15.1R7-S2, 15.1X49-D150, 5.1X53-D235, 15.1X53-D495, 15.1X53-D68, 15.1X53-D590, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2, 16.1X65-D48, 16.2R2-S7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.2X75-D101, 17.2X75-D110, 17.3R2-S4, 17.3R3-S1, 17.3R4, 17.4R1-S5, 17.4R2-S1, 17.4R3, 18.1R2-S3, 18.1R3, 18.2R1-S2, 18.2R1-S3, 18.2R2, 18.2X75-D20, 18.3R1, and all subsequent releases. Additionally, the following software releases have been re-released to the Juniper download pages to resolve this specific issue: 12.1X46-D76.1, 12.3X48-D70.4, 14.1X53-D47.6, 15.1F6-S10.11, 15.1R6-S6.2, 15.1R7.9, 15.1X49-D140.3, 15.1X53-D233.2, 15.1X53-D59.4, 15.1X53-D67.6, 16.1R6-S3.2, 16.1R7-S1.2, 16.1R7.8, 17.2X75-D100.6, 17.3R2-S2.2, 17.3R3.10, 17.4R1-S3.4, 18.1R2.6. Note: The final ".xy" numeric entry, for example the .4 in 12.3X48-D70.4, on a release in this notice is the respin release number. Customer's should check the respin release number on the version of Junos OS to confirm vulnerability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/12.1x46-d76
- version/juniper junos/12.1x46-d77
- version/juniper junos/12.3x48-d66
- version/juniper junos/12.3x48-d70
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx1500
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx240h2
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx3400
- canonical/juniper srx345
- canonical/juniper srx3600
- canonical/juniper srx380
- canonical/juniper srx4000
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx4600
- canonical/juniper srx5000
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx550 hm
- canonical/juniper srx550m
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650
- version/juniper junos/12.3-r12-s10
- version/juniper junos/15.1-f6-s10
- version/juniper junos/15.1-f6-s12
- version/juniper junos/15.1-f7
- version/juniper junos/15.1-r
- version/juniper junos/15.1-r1
- version/juniper junos/15.1-r2
- version/juniper junos/15.1-r3
- version/juniper junos/15.1-r4
- version/juniper junos/15.1-r4-s7
- version/juniper junos/15.1-r4-s8
- version/juniper junos/15.1-r4-s9
- version/juniper junos/15.1-r5
- version/juniper junos/15.1-r5-s1
- version/juniper junos/15.1-r5-s3
- version/juniper junos/15.1-r5-s5
- version/juniper junos/15.1-r5-s6
- version/juniper junos/15.1-r6
- version/juniper junos/15.1-r6-s1
- version/juniper junos/15.1-r6-s2
- version/juniper junos/15.1-r6-s3
- version/juniper junos/15.1-r6-s4
- version/juniper junos/15.1-r6-s6
- version/juniper junos/15.1-r7
- version/juniper junos/15.1-r7-s1
- version/juniper junos/16.1-r3-s8
- version/juniper junos/16.1-r4
- version/juniper junos/16.1-r4-s2
- version/juniper junos/16.1-r4-s3
- version/juniper junos/16.1-r4-s4
- version/juniper junos/16.1-r4-s6
- version/juniper junos/16.1-r4-s8
- version/juniper junos/16.1-r4-s9
- version/juniper junos/16.1-r5-s4
- version/juniper junos/16.1-r6
- version/juniper junos/16.1-r6-s1
- version/juniper junos/16.1-r6-s3
- version/juniper junos/16.1-r6-s4
- version/juniper junos/16.1-r7
- version/juniper junos/16.2-r1-s6
- version/juniper junos/16.2-r2
- version/juniper junos/16.2-r2-s1
- version/juniper junos/16.2-r2-s10
- version/juniper junos/16.2-r2-s2
- version/juniper junos/16.2-r2-s5
- version/juniper junos/16.2-r2-s6
- version/juniper junos/17.1-r1-s7
- version/juniper junos/17.1-r2-s7
- version/juniper junos/17.1-r2-s8
- version/juniper junos/17.2-r1-s6
- version/juniper junos/17.2-r2-s4
- version/juniper junos/17.2x75-d100
- version/juniper junos/18.2x75-d12
- version/juniper junos/18.2x75-d5
- version/juniper junos/14.1x53-d47
- canonical/juniper ex2200
- canonical/juniper ex2200-vc
- canonical/juniper ex3200
- canonical/juniper ex3300
- canonical/juniper ex3300-vc
- canonical/juniper ex4200
- canonical/juniper ex4300
- canonical/juniper ex4550
- canonical/juniper ex4550-vc
- canonical/juniper ex4600
- canonical/juniper ex6200
- canonical/juniper ex8200
- canonical/juniper ex8200-vc
- canonical/juniper qfx3500
- canonical/juniper qfx3600
- canonical/juniper qfx5100
- version/juniper junos/15.1x49-d131
- version/juniper junos/15.1x49-d140
- version/juniper junos/17.3-r1-s4
- version/juniper junos/17.3-r2
- version/juniper junos/17.3-r2-s1
- version/juniper junos/17.3-r2-s2
- version/juniper junos/17.3-r2-s3
- version/juniper junos/17.3-r3
- version/juniper junos/17.4-r1-s3
- version/juniper junos/17.4-r1-s4
- version/juniper junos/17.4-r2
- version/juniper junos/18.1-r2
- version/juniper junos/18.1-r2-s1
- version/juniper junos/18.1-r2-s2
- version/juniper junos/18.2-r1
- canonical/juniper srx240m
- version/juniper junos/15.1x53-d233
- version/juniper junos/15.1x53-d234
- canonical/juniper qfx5110
- canonical/juniper qfx5200
- version/juniper junos/15.1x53-d471
- version/juniper junos/15.1x53-d490
- version/juniper junos/15.1x53-d495
- canonical/juniper nfx150
- canonical/juniper nfx250
- version/juniper junos/15.1x53-d67
- canonical/juniper qfx10000
- canonical/juniper qfx10002
- canonical/juniper qfx10002-32q
- canonical/juniper qfx10002-60c
- canonical/juniper qfx10002-72q
- canonical/juniper qfx10008
- canonical/juniper qfx10016
- version/juniper junos/15.1x53-d59
- canonical/juniper ex2300
- canonical/juniper ex3400