Juniper Junos proxy-arp/arp-resp DoS (JSA10576)
Medium Nessus Plugin ID 68909
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Junos device has a denial of service vulnerability. Specially crafted ARP requests can result in a crash when a 'family inet' interface is configured as follows :
- Uses a VLAN interface with an unnumbered address based on lo0
- lo0 is configured with a non-/32 address
- Both 'proxy-arp unrestricted' and 'arp-resp unrestricted' are enabled
SolutionApply the relevant Junos upgrade referenced in Juniper advisory JSA10576.