漏洞类别:Hardware
漏洞等级: 
漏洞信息
Juniper JUNOS is the network operating system used in Juniper Networks hardware systems.
By flooding a router with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability.
漏洞危害
This issue can affect any product or platform running Junos OS with IPv6 enabled.
解决方案
IPv6 resource management improvement (PR 1037225) has addressed these resource exhaustion issues in the following software releases: 11.4R13-S3, 12.3R3-S4, 12.3X48-D30, 13.3R10*, 13.3R4-S11, 14.1R2-S8, 14.1R4-S12, 14.1R8, 14.1X53-D28, 14.1X53-D40, 14.1X55-D35, 14.2R3-S10, 14.2R4-S7, 14.2R6, 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3, 15.1X49-D40, 15.1X53-D57, 15.1X53-D70, 16.1R1, and all subsequent releases.
Workaround:
Limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the router via IPv6 only from trusted, administrative networks or hosts.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论