Vulnerability Note VU#294036

Juniper JUNOS IPv6 denial-of-service vulnerability

Original Release date: 11 Jul 2006 | Last revised: 17 Jul 2006

Overview

Juniper JUNOS Internet Software contains a vulnerability in IPv6 handling that could allow a remote attacker to cause a denial of service.

Description

Juniper router operating system software (JUNOS) does not properly free memory allocated for certain IPv6 packets. If a fixed amount of memory is exhausted, the system will crash. An attacker could exploit this vulnerability using specially crafted IPv6 packets.

Juniper T, M, and J-series routers running versions of JUNOS 6.4 - 8.0 built prior to May 10, 2006 are affected. Juniper's bug ID for this vulnerability is PR/67593.

Impact

A remote attacker could cause a denial of service on an affected device. Systems or networks that rely on a vulnerable router for connectivity would also be affected as a result.

Solution

Upgrade
Juniper has released updated versions of JUNOS. Please visit the Juniper support site (JTAC Security Bulletin PSN-2006-06-017, login required) for more information. There is also a public version of JTAC Security Bulletin PSN-2006-06-017.


Workarounds

Disable IPv6

Sites that are unable to update or do not require IPv6 should consider removing all IPv6 configuration parameters from the router.
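As an added example (not part of the original note and not Juniper tooling), the following Python code triages one inventory entry against the affected criteria stated above and lists IPv6 statements still present in a `set`-format configuration export. The model-name pattern, the marker list (which is not exhaustive) and the sample configuration are assumptions constructed for illustration.

```python
import re
from datetime import date

# Criteria from this note: T/M/J-series, JUNOS 6.4 - 8.0, built prior to May 10, 2006.
FIXED_BUILD = date(2006, 5, 10)
LOW, HIGH = (6, 4), (8, 0)

# Assumption: non-exhaustive markers of IPv6 configuration in "display set" output.
IPV6_MARKERS = re.compile(
    r"\bfamily inet6\b|\binet6\.\d+\b|\bprotocols (ospf3|ripng|router-advertisement|mld)\b"
)

# Constructed sample configuration (documentation address ranges only).
SAMPLE_CONFIG = """\
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
set interfaces ge-0/0/0 unit 0 family inet6 address 2001:db8::1/64
set routing-options rib inet6.0 static route ::/0 next-hop 2001:db8::ffff
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
"""

def release_tuple(version):
    """'7.4R2.6' -> (7, 4); raises ValueError on an unparseable string."""
    m = re.match(r"(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised JUNOS version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def in_affected_range(model, version, built_iso):
    """Series letter + release range + build date, all three must hold."""
    series_ok = re.match(r"[TMJ]\d", model.strip().upper()) is not None
    in_range = LOW <= release_tuple(version) <= HIGH
    return series_ok and in_range and date.fromisoformat(built_iso) < FIXED_BUILD

def ipv6_statements(set_config):
    """Return configuration lines that still reference IPv6."""
    return [ln.strip() for ln in set_config.splitlines() if IPV6_MARKERS.search(ln)]

def triage(model, version, built_iso, set_config):
    leftovers = ipv6_statements(set_config)
    if not in_affected_range(model, version, built_iso):
        return "not in affected range", leftovers
    if leftovers:
        return "affected, IPv6 still configured", leftovers
    return "affected build, no IPv6 statements found", leftovers

if __name__ == "__main__":
    print(triage("M10i", "7.4R2.6", "2006-03-01", SAMPLE_CONFIG))
```

A result of "affected build, no IPv6 statements found" only reflects the markers checked here; the upgrade remains the fix.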

Systems Affected

Vendor | Status | Date Notified | Date Updated
Juniper Networks, Inc. | Affected | - | 11 Jul 2006

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

Credit

Thanks to Juniper for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2006-3529
  • Date Public: 10 Jul 2006
  • Date First Published: 11 Jul 2006
  • Date Last Updated: 17 Jul 2006
  • Severity Metric: 11.23
  • Document Revision: 30
