Juniper Junos GRE DoS (PSN-2013-04-917)

Medium Nessus Plugin ID 66515


The remote device is missing a vendor-supplied security patch.


According to its self-reported version number, the remote Junos device has a denial of service vulnerability. Specially crafted GRE packets received on a multicast tunnel interface that are allowed to reach the routing engine can cause the kernel to crash. An unauthenticated attacker on the same subnet could exploit this to crash the host.


Apply the relevant Junos upgrade referenced in Juniper advisory PSN-2013-04-917.

See Also

Plugin Details

Severity: Medium

ID: 66515

File Name: juniper_psn-2013-04-917.nasl

Version: $Revision: 1.8 $

Type: combined

Published: 2013/05/20

Modified: 2013/10/18

Dependencies: 55932

Risk Information

Risk Factor: Medium


Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/model, Host/Juniper/JUNOS/Version, Host/Juniper/JUNOS/BuildDate

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/04/08

Vulnerability Publication Date: 2013/04/08

Reference Information

BID: 60016

OSVDB: 92224