Details of VAR-200412-0097

ID

VAR-200412-0097

CVE

CVE-2004-0468

TITLE

Juniper JUNOS Packet Forwarding Engine (PFE) IPv6 memory leak

Trust: 0.8

sources: CERT/CC: VU#658859

DESCRIPTION

Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets. If an attacker submits multiple packets to a vulnerable router running IPv6-enabled PFE, the router can be repeatedly rebooted, essentially creating a denial of service for the router. Juniper Networks Junos OS Exists in unspecified vulnerabilities.None. All Juniper Networks M-series and T-series routing platforms with IPv6 support are also prone to this issue. The operating system provides a secure programming interface and Junos SDK. Remote attackers can use this vulnerability to carry out denial-of-service attacks on routers running JUNOS devices. This can be exploited by sending multiple specially crafted IPv6 packets to a vulnerable network device. Successful exploitation consumes all available memory and causes a vulnerable network device to reboot. SOLUTION: A solution is available at: https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2004-06-009&actionBtn=Search Disable IPv6 support in the PFE. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. OTHER REFERENCES: US-CERT VU#658859: http://www.kb.cert.org/vuls/id/658859 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2004-0468 // CERT/CC: VU#658859 // JVNDB: JVNDB-2004-000897 // BID: 10636 // VULHUB: VHN-8898 // PACKETSTORM: 33675

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	*	Trust: 1.0
vendor:	juniper	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	junos	scope:	eq	version:	6.3	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	6.2	Trust: 0.3
vendor:	juniper	model:	junos	scope:	eq	version:	6.1	Trust: 0.3

sources: CERT/CC: VU#658859 // BID: 10636 // JVNDB: JVNDB-2004-000897 // CNNVD: CNNVD-200412-047 // NVD: CVE-2004-0468

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0468
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#658859
value:	15.54
Trust: 0.8
CNNVD:	CNNVD-200412-047
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8898
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0468
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8898
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#658859 // VULHUB: VHN-8898 // CNNVD: CNNVD-200412-047 // NVD: CVE-2004-0468

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000897 // NVD: CVE-2004-0468

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-047

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200412-047

EXTERNAL IDS

db:	CERT/CC	id:	VU#658859	Trust: 3.7
db:	NVD	id:	CVE-2004-0468	Trust: 3.7
db:	JVNDB	id:	JVNDB-2004-000897	Trust: 0.8
db:	CNNVD	id:	CNNVD-200412-047	Trust: 0.7
db:	XF	id:	6	Trust: 0.6
db:	XF	id:	16548	Trust: 0.6
db:	BID	id:	10636	Trust: 0.4
db:	SECUNIA	id:	11950	Trust: 0.3
db:	VULHUB	id:	VHN-8898	Trust: 0.1
db:	PACKETSTORM	id:	33675	Trust: 0.1

sources: CERT/CC: VU#658859 // VULHUB: VHN-8898 // BID: 10636 // JVNDB: JVNDB-2004-000897 // PACKETSTORM: 33675 // CNNVD: CNNVD-200412-047 // NVD: CVE-2004-0468

REFERENCES

url:	http://www.jpcert.or.jp/at/2004/at040009.txt	Trust: 3.3
url:	http://www.kb.cert.org/vuls/id/658859	Trust: 2.9
url:	http://www.kb.cert.org/vuls/id/jsha-6253cc	Trust: 2.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16548	Trust: 1.9
url:	https://www.juniper.net/alerts/viewalert.jsp?txtalertnumber=psn-2004-06-009&actionbtn=search	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0468	Trust: 0.9
url:	http://www.juniper.net/support/requesting-support.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/16548	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/11950/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/3418/	Trust: 0.1

sources: CERT/CC: VU#658859 // VULHUB: VHN-8898 // BID: 10636 // JVNDB: JVNDB-2004-000897 // PACKETSTORM: 33675 // CNNVD: CNNVD-200412-047 // NVD: CVE-2004-0468

CREDITS

vendor

Trust: 0.6

sources: CNNVD: CNNVD-200412-047

SOURCES

db:	CERT/CC	id:	VU#658859
db:	VULHUB	id:	VHN-8898
db:	BID	id:	10636
db:	JVNDB	id:	JVNDB-2004-000897
db:	PACKETSTORM	id:	33675
db:	CNNVD	id:	CNNVD-200412-047
db:	NVD	id:	CVE-2004-0468

LAST UPDATE DATE

2024-08-14T12:11:05.909000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#658859	date:	2004-06-30T00:00:00
db:	VULHUB	id:	VHN-8898	date:	2017-07-11T00:00:00
db:	BID	id:	10636	date:	2009-07-12T05:16:00
db:	JVNDB	id:	JVNDB-2004-000897	date:	2024-06-04T08:54:00
db:	CNNVD	id:	CNNVD-200412-047	date:	2006-09-20T00:00:00
db:	NVD	id:	CVE-2004-0468	date:	2017-07-11T01:30:11.043

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#658859	date:	2004-06-30T00:00:00
db:	VULHUB	id:	VHN-8898	date:	2004-12-06T00:00:00
db:	BID	id:	10636	date:	2004-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2004-000897	date:	2024-06-04T00:00:00
db:	PACKETSTORM	id:	33675	date:	2004-06-29T11:59:00
db:	CNNVD	id:	CNNVD-200412-047	date:	2004-06-30T00:00:00
db:	NVD	id:	CVE-2004-0468	date:	2004-12-06T05:00:00