This issue can affect SSG Series, ISG Series, and NS Series devices running ScreenOS 6.3, 6.2, and 5.4 (on NS 5GT only).
A denial of service (DoS) issue has been found in ScreenOS. The issue does not occur when the "Ping of Death" screen is enabled. When the screen is not enabled, certain malformed packets can cause a denial of service. By default the Ping of Death screen is enabled on the untrust zone, but not the trust zone.
This issue was discovered by an external security researcher.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
No other Juniper Networks products or platforms are affected by this issue.
On ScreenOS 6.3, 6.2, and 5.4 you can enable the Ping of Death screen to be protected from this issue.
We will also be releasing a fix for this issue in 6.3.0.r16, which is expected to be posted to the support site by the end of 2013. This fix will allow the firewall to be protected against this issue even if the Ping of Death screen is not enabled.
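To apply the Ping of Death screen workaround, an administrator first needs to know which zones lack the screen. The following is an added example, not part of the Juniper advisory: a small audit of a saved configuration that lists those zones and the command to enable the screen on each. It assumes the saved configuration uses ScreenOS CLI lines of the form `set zone "<name>" screen ping-death`; the sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the style of a saved ScreenOS configuration
# (illustrative only; not taken from the advisory).
SAMPLE_CONFIG = '''\
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone id 100 "Guest"
set zone "Trust" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen land
set zone "DMZ" screen land
'''

# Assumed line format: set|unset zone [id N] "<name>" <rest of command>
ZONE_RE = re.compile(r'^(set|unset) zone (?:id \d+ )?(?:"([^"]+)"|(\S+))\s*(.*)$')


def zones_missing_ping_death(config_text):
    """Return the sorted names of zones with no active 'screen ping-death' line."""
    seen, protected = set(), set()
    for line in config_text.splitlines():
        m = ZONE_RE.match(line.strip())
        if not m:
            continue  # not a zone command
        action, zone, rest = m.group(1), m.group(2) or m.group(3), m.group(4).strip()
        seen.add(zone)
        if rest == "screen ping-death":
            # A later 'unset' overrides an earlier 'set' for the same zone.
            if action == "set":
                protected.add(zone)
            else:
                protected.discard(zone)
    return sorted(seen - protected)


def remediation_commands(config_text):
    """Build the CLI command that enables the screen on each unprotected zone."""
    return ['set zone "%s" screen ping-death' % z
            for z in zones_missing_ping_death(config_text)]


if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_CONFIG):
        print(cmd)
```

Review the generated commands before applying them, since some zones may never carry traffic on a given device.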
KB16765 - "In which releases are vulnerabilities fixed?" describes in which releases vulnerabilities are fixed, as per our End of Engineering and End of Life support policies.