Juniper JUNOS Internet Software contains a vulnerability in IPv6 handling that could allow a remote attacker to cause a denial of service.
Juniper router operating system software (JUNOS) does not properly free memory allocated for certain IPv6 packets. If a fixed amount of memory is exhausted, the system will crash. An attacker could exploit this vulnerability using specially crafted IPv6 packets.
Juniper T, M, and J-series routers running versions of JUNOS 6.4 - 8.0 built prior to May 10, 2006 are affected. Juniper's bug ID for this vulnerability is PR/67593.
A remote attacker could cause a denial of service on an affected device. Systems or networks that rely on a vulnerable router for connectivity would also be affected as a result.
Juniper has released updated versions of JUNOS. Please visit the Juniper support site (JTAC Security Bulletin PSN-2006-06-017, login required) for more information. There is also a public version of JTAC Security Bulletin PSN-2006-06-017.
Sites that are unable to update or do not require IPv6 should consider removing all IPv6 configuration parameters from the router.
Vendor| Status| Date Notified| Date Updated
Juniper Networks, Inc.| | -| 11 Jul 2006
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to Juniper for reporting this vulnerability.
This document was written by Ryan Giobbi.