Juniper Junos Invalid Ether-type DoS (PSN-2013-04-916)

medium Nessus Plugin ID 66514

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version number, the remote Junos device has a denial of service vulnerability. Receiving Ethernet packets with an invalid Ether-type can cause congestion on routers with line cards installed using Ichip-based FPCs and DPCs. An unauthenticated attacker on the same subnet could exploit this, causing the router to drop valid protocol traffic.

Solution

Apply the relevant Junos upgrade referenced in Juniper advisory PSN-2013-04-916.

See Also

http://www.nessus.org/u?7c587c6c

Plugin Details

Severity: Medium

ID: 66514

File Name: juniper_psn-2013-04-916.nasl

Version: 1.9

Type: combined

Published: 5/20/2013

Updated: 8/7/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/model, Host/Juniper/JUNOS/Version, Host/Juniper/JUNOS/BuildDate

Exploit Ease: No known exploits are available

Patch Publication Date: 4/9/2013

Vulnerability Publication Date: 4/9/2013

Reference Information

BID: 60014