Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Remotely exploitable ICMPv6 denial-of-service (DoS) attack (CERT/CC VU#658859)

0

0

Article ID: JSA10334 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 3.0
Legacy Advisory Id:
PSN-2004-06-009
Product Affected:
All Juniper Networks M-series and T-series routing platforms with IPv6 enabled.
Problem:
When an incoming IPv6 packet requires the router to generate an ICMPv6 response, the response might not be generated and the buffer containing the original packet might not be released. Eventually the Packet Forwarding Engine CPU might exhaust its packet memory and reboot. This problem exists in all JUNOS Release 6.x software built between February 24 and June 19, 2004 (inclusive) running on M-series and T-series routing platforms, and is tracked as PR/48386.
Solution:
The JUNOS software has been modified to release the memory occupied by the original IPv6 packets.
Implementation:
All JUNOS software built on or after June 20, 2004 includes the corrected code. Customers running in an IPv6 environment are strongly encouraged to upgrade their software to incorporate this correction. Contact Juniper Networks Technical Assistance Center for availability and download instructions.
Severity Level:
High
Severity Assessment:
This remotely exploitable Denial of Service attack vector exists in all Juniper Netowrks M-series and T-series routing platforms on which IPv6 is enabled.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search