Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

TCP Out-of-Sequence Denial of Service Vulnerability (FreeBSD Security Advisory SA-04:04.tcp)



Article ID: JSA10321 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 2.0
Legacy Advisory Id:
Product Affected:
All Juniper products running software built prior to March 5, 2004.
When TCP packets are received out of order, they are buffered for later delivery to the application program rather than being discarded. Currently there are no limits imposed on the number of such packets being buffered. Therefore, an attacker could take advantage of this feature of the TCP protocol to launch a low-bandwidth denial-of-service (DoS) attack.

All Juniper M-series and T-series routers running JUNOS software built prior to March 5, 2004, are susceptible to this vulnerability. A successful attack results in a kernel crash.

While JUNOSe software on E-series routers is not derived from FreeBSD, it also lacks a mechanism to limit the amount of buffer space occupied by buffered, out-of-sequence packets. However, JUNOSe handles most out-of-buffer conditions gracefully and an attack is unlikely to succeed.

G-series Cable Modem Termination Systems are not susceptible to this vulnerability.

Refer to the FreeBSD Advisory SA-04:04.tcp for more information.

This bulletin will be updated as more information becomes available.
The JUNOS software has been modified to impose a limit on the number of out-of-order packets that can be buffered for later delivery to the application layer, avoiding the possibility of exhausting available buffers.

JUNOSe software modifications are being investigated to impose a limit on the number of out-of-order packets that can be buffered.
Customers are encouraged to implement appropriate packet filtering to prevent untrusted traffic from reaching the router.

Additionally, for M-series and T-series routers, customers can install a version of JUNOS software built on or after March 5, 2004. Contact Juniper Networks Technical Assistance Center for availability and download instructions.
Severity Level:
Severity Assessment:
Best practices dictate that one should use existing filter techniques to prevent untrusted TCP traffic (or any other untrusted traffic) from reaching one's routers. With such filters in place, a blind attack has a very low chance of success because of the large number of bits that need to be guessed correctly.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search