Vulnerability Note VU#294036

Juniper JUNOS IPv6 denial-of-service vulnerability

Overview

Juniper JUNOS Internet Software contains a vulnerability in IPv6 handling that could allow a remote attacker to cause a denial of service.

I. Description

Juniper router operating system software (JUNOS) does not properly free memory allocated for certain IPv6 packets. If a fixed amount of memory is exhausted, the system will crash. An attacker could exploit this vulnerability using specially crafted IPv6 packets.

Juniper T, M, and J-series routers running versions of JUNOS 6.4 - 8.0 built prior to May 10, 2006 are affected. Juniper's bug ID for this vulnerability is PR/67593.

II. Impact

A remote attacker could cause a denial of service on an affected device. Systems or networks that rely on a vulnerable router for connectivity would also be affected as a result.

III. Solution

Upgrade

Juniper has released updated versions of JUNOS. Please visit the Juniper support site (JTAC Security Bulletin PSN-2006-06-017, login required) for more information. There is also a public version of JTAC Security Bulletin PSN-2006-06-017.

Workarounds

Disable IPv6

Sites that are unable to update or do not require IPv6 should consider removing all IPv6 configuration parameters from the router.
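The affected-release criteria in the Description and the Disable IPv6 workaround can both be checked offline against saved CLI output. This Python sketch is an added example, not code from US-CERT or Juniper; it assumes the `KERNEL <release> ... built by <user> on YYYY-MM-DD` line shape of `show version detail` and `set`-style configuration text, and both samples are constructed.

```python
import re
from datetime import date

# Criteria from the advisory text: JUNOS 6.4 - 8.0 built prior to May 10, 2006.
FIRST_AFFECTED, LAST_AFFECTED = (6, 4), (8, 0)
FIXED_BUILD_DATE = date(2006, 5, 10)

# Assumed line shape: "KERNEL 7.4R2.6 #0 built by builder on 2006-02-11 03:12:50 UTC"
KERNEL_RE = re.compile(
    r"KERNEL\s+(\d+)\.(\d+)\S*\s.*?built by \S+ on (\d{4})-(\d{2})-(\d{2})")

def assess_version(show_version_detail):
    """Return 'affected', 'not affected' or 'unknown' for one router."""
    m = KERNEL_RE.search(show_version_detail)
    if not m:
        return "unknown"  # never report a router as safe on a parse failure
    major, minor, year, month, day = map(int, m.groups())
    try:
        built = date(year, month, day)
    except ValueError:
        return "unknown"  # malformed build date
    in_range = FIRST_AFFECTED <= (major, minor) <= LAST_AFFECTED
    return "affected" if in_range and built < FIXED_BUILD_DATE else "not affected"

def inet6_lines(set_config):
    """Return configuration lines that still mention inet6 (family or rib)."""
    return [ln.strip() for ln in set_config.splitlines()
            if re.search(r"\binet6\b", ln)]

# Constructed sample data, not taken from a real device.
SAMPLE_VERSION = """Hostname: r1-lab
Model: m10i
KERNEL 7.4R2.6 #0 built by builder on 2006-02-11 03:12:50 UTC
"""
SAMPLE_CONFIG = """set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8::1/64
set routing-options rib inet6.0 static route ::/0 next-hop 2001:db8::ffff
"""

if __name__ == "__main__":
    print("version check:", assess_version(SAMPLE_VERSION))
    for line in inet6_lines(SAMPLE_CONFIG):
        print("IPv6 still configured:", line)
```

An `unknown` result means the output did not match the assumed format and the router should be checked by hand against the Juniper bulletin.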

Systems Affected

Vendor | Status | Date Notified | Date Updated
Juniper Networks, Inc. | Vulnerable | | 11-Jul-2006

References


http://www.juniper.net/support/security/alerts/EXT-PSN-2006-06-017.txt
https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2006-06-017
http://www.juniper.net/support/security/alerts/IPv6_bug.txt

Credit

Thanks to Juniper for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public: 2006-07-10
Date First Published: 2006-07-11
Date Last Updated: 2006-07-17
CERT Advisory:
CVE-ID(s): CVE-2006-3529
NVD-ID(s): CVE-2006-3529
US-CERT Technical Alerts:
Metric: 11.23
Document Revision: 30

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Produced 2006 by US-CERT, a government organization