2013-12 Security Bulletin: NetScreen Firewall: Crafted packet can cause denial of service (CVE-2013-6958)

Article ID: JSA10604 SECURITY_ADVISORIES Last Updated: 11 Dec 2013 Version: 4.0
Product Affected:
This issue can affect SSG Series, ISG Series, and NS Series devices running ScreenOS 6.3, 6.2, and 5.4 (on NS 5GT only).
Problem:
A denial of service (DoS) issue has been found in ScreenOS. Certain malformed packets can cause a denial of service when the "Ping of Death" screen is not enabled. If the screen is enabled, the issue does not occur. By default the Ping of Death screen is enabled on the untrust zone, but not on the trust zone.

This issue was discovered by an external security researcher.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2013-6958.
Solution:
On ScreenOS 6.3, 6.2, and 5.4 you can enable the Ping of Death screen to be protected from this issue.

We will also be releasing a fix for this issue in 6.3.0.r16, which is expected to be posted to the support site by the end of 2013. This fix will allow the firewall to be protected against this issue even if the Ping of Death screen is not enabled.

KB16765 - "In which releases are vulnerabilities fixed?" describes the releases in which vulnerabilities are fixed, as per our End of Engineering and End of Life support policies.
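
An added example, not part of Juniper's advisory: a Python check that reads a saved ScreenOS configuration and reports zones with bound interfaces that lack the Ping of Death screen, with the command to enable it. It assumes screens appear as explicit `set zone "<name>" screen ping-death` lines and that unbound interfaces sit in the `Null` zone; the sample configuration, the zone name "Partners" and the function names are constructed.

```python
import re

# Constructed sample of saved ScreenOS configuration lines (not from a real device).
SAMPLE_CONFIG = '''\
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone id 100 "Partners"
set zone "Untrust" screen tear-drop
set zone "Untrust" screen ping-death
set zone "Partners" screen syn-flood
unset zone "Untrust" screen land
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "Untrust"
set interface "ethernet0/2" zone "Partners"
set interface "ethernet0/3" zone "Null"
'''

ZONE_RE = re.compile(r'^(set|unset) zone (?:id \d+ )?"([^"]+)"(?: screen (\S+))?')
IFACE_RE = re.compile(r'^set interface "([^"]+)" zone "([^"]+)"')

def zones_missing_ping_death(config_text):
    """Return {zone: [interfaces]} for zones that carry traffic but lack ping-death."""
    protected = set()   # zones whose last ping-death statement was "set"
    interfaces = {}     # zone -> interfaces bound to it
    for line in config_text.splitlines():
        line = line.strip()
        zone_match = ZONE_RE.match(line)
        if zone_match:
            action, zone, screen = zone_match.groups()
            if screen == "ping-death":
                # A later "unset" overrides an earlier "set", as when the config is replayed.
                if action == "set":
                    protected.add(zone)
                else:
                    protected.discard(zone)
            continue
        iface_match = IFACE_RE.match(line)
        if iface_match and iface_match.group(2) != "Null":  # assumption: Null = unbound
            interfaces.setdefault(iface_match.group(2), []).append(iface_match.group(1))
    return {z: ifs for z, ifs in sorted(interfaces.items()) if z not in protected}

def remediation_commands(config_text):
    """ScreenOS CLI lines that enable the screen on every zone reported above."""
    return [f'set zone "{z}" screen ping-death' for z in zones_missing_ping_death(config_text)]

if __name__ == "__main__":
    for zone, ifs in zones_missing_ping_death(SAMPLE_CONFIG).items():
        print(f"{zone}: no ping-death screen; interfaces: {', '.join(ifs)}")
    print("\n".join(remediation_commands(SAMPLE_CONFIG)))
```

Zones reported here are the ones to review on releases that do not yet contain the fix.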
Workaround:
See the solution section.
Implementation:
 
CVSS Score:
7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Severity Level:
High
Acknowledgements:
Juniper Networks would like to thank Shuichiro Suzuki of FFRI, Inc. for reporting this issue. We would also like to thank JPCERT/CC for their help in coordinating this issue.
