Juniper JunosE IP Option Handling SRP Reset Vulnerability

by Carol~ Moderator - 1/15/13 11:24 AM

In Reply to: VULNERABILITIES / FIXES - January 15, 2013 by Carol~ Moderator

Release Date : 2013-01-15

Criticality level : Moderately critical
Impact: DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: Juniper JunosE 10.x
Juniper JunosE 11.x
Juniper JunosE 12.x

Description:
A vulnerability has been reported in Juniper JunosE, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling the IP Option in a packet and can be exploited to trigger a SRP reset.

The vulnerability is reported in versions prior to 10.3.3p0-10, 11.2.3, 11.3.3, 12.0.3, 12.1.2, 12.2.1, and 12.3.0.

Solution:
Updated to version 10.3.3p0-10, 11.2.3, 11.3.3, 12.0.3, 12.1.2, 12.2.1, or 12.3.0.

Provided and/or discovered by:
Reported by the vendor.

http://secunia.com/advisories/51832/