FreeBSD Security Advisory - Remote kernel panics on IPv6 connections (FreeBSD-SA-08:09.icmp6)

  [JSA10386]


Legacy Advisory Id:
PSN-2008-09-003
Product Affected:
No Juniper Networks products are affected by this vulnerability.
Problem:
A recently published security advisory from FreeBSD.org describes a vulnerability in ICMPv6 handling. Insufficient validation of the ICMPv6 "Packet Too Big" message can result in a subsequent TCP connection crashing the kernel.

The JUNOS operating system is based on and uses components from FreeBSD.
Solution:
At this time, static analysis of the source code indicates that JUNOS is not exposed or vulnerable to this IPv6 issue. Detailed static analysis has determined that JUNOS's ICMPv6 code implements additional validations, policing, and optimizations beyond those in FreeBSD. JUNOS also implements additional features which can be used to mitigate this attack vector.


Further analysis and testing have been conducted and have verified that JUNOS software is not susceptible to this vulnerability.

Implementation:
JUNOS software is currently believed not to be susceptible to this vulnerability. No customer action is indicated at this time.
Related Links:
Severity Level:
Low
Severity Assessment:
JUNOS software is currently believed not to be susceptible to this vulnerability.