Juniper Junos ALG Fragmented Traffic Handling MS-MPC / MS-MIC Service PIC DoS (JSA10794)
High Nessus Plugin ID 102707
Synopsis: The remote device is missing a vendor-supplied security patch.
Description: According to its self-reported version and model number, the remote Juniper Junos device is affected by a denial of service vulnerability in the Application Layer Gateway (ALG) that is triggered when handling a large number of fragmented packets. An unauthenticated, remote attacker can exploit this to crash an MS-MPC or MS-MIC service physical interface card (PIC).
Note that the device is only vulnerable if NAT or stateful-firewall rules are configured with ALGs enabled.
Solution: Upgrade to the relevant Junos software release referenced in Juniper security advisory JSA10794. Alternatively, disable NAT and the stateful-firewall if they are not required.