VAR-200412-0097
Vulnerability from variot - Updated: 2024-06-06 22:40Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets. If an attacker submits multiple packets to a vulnerable router running IPv6-enabled PFE, the router can be repeatedly rebooted, essentially creating a denial of service for the router. Juniper Networks Junos OS Exists in unspecified vulnerabilities.None. All Juniper Networks M-series and T-series routing platforms with IPv6 support are also prone to this issue. The operating system provides a secure programming interface and Junos SDK. Remote attackers can use this vulnerability to carry out denial-of-service attacks on routers running JUNOS devices. This can be exploited by sending multiple specially crafted IPv6 packets to a vulnerable network device.
Successful exploitation consumes all available memory and causes a vulnerable network device to reboot.
SOLUTION: A solution is available at: https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2004-06-009&actionBtn=Search
Disable IPv6 support in the PFE.
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
OTHER REFERENCES: US-CERT VU#658859: http://www.kb.cert.org/vuls/id/658859
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b8\u30e5\u30cb\u30d1\u30fc\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9",
"version": null
},
{
"model": "junos os",
"scope": null,
"trust": 0.8,
"vendor": "\u30b8\u30e5\u30cb\u30d1\u30fc\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9",
"version": null
},
{
"model": "junos",
"scope": null,
"trust": 0.6,
"vendor": "juniper",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "6.3"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "6.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "6.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#658859"
},
{
"db": "BID",
"id": "10636"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000897"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-047"
},
{
"db": "NVD",
"id": "CVE-2004-0468"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0468"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vendor",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-047"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0468",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-8898",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0468",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#658859",
"trust": 0.8,
"value": "15.54"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-047",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-8898",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#658859"
},
{
"db": "VULHUB",
"id": "VHN-8898"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-047"
},
{
"db": "NVD",
"id": "CVE-2004-0468"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets. If an attacker submits multiple packets to a vulnerable router running IPv6-enabled PFE, the router can be repeatedly rebooted, essentially creating a denial of service for the router. Juniper Networks Junos OS Exists in unspecified vulnerabilities.None. All Juniper Networks M-series and T-series routing platforms with IPv6 support are also prone to this issue. The operating system provides a secure programming interface and Junos SDK. Remote attackers can use this vulnerability to carry out denial-of-service attacks on routers running JUNOS devices. \nThis can be exploited by sending multiple specially crafted IPv6\npackets to a vulnerable network device. \n\nSuccessful exploitation consumes all available memory and causes a\nvulnerable network device to reboot. \n\nSOLUTION:\nA solution is available at:\nhttps://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2004-06-009\u0026actionBtn=Search\n\nDisable IPv6 support in the PFE. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by vendor. \n\nOTHER REFERENCES:\nUS-CERT VU#658859:\nhttp://www.kb.cert.org/vuls/id/658859\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0468"
},
{
"db": "CERT/CC",
"id": "VU#658859"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000897"
},
{
"db": "BID",
"id": "10636"
},
{
"db": "VULHUB",
"id": "VHN-8898"
},
{
"db": "PACKETSTORM",
"id": "33675"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#658859",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2004-0468",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000897",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200412-047",
"trust": 0.7
},
{
"db": "XF",
"id": "6",
"trust": 0.6
},
{
"db": "XF",
"id": "16548",
"trust": 0.6
},
{
"db": "BID",
"id": "10636",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "11950",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-8898",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "33675",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#658859"
},
{
"db": "VULHUB",
"id": "VHN-8898"
},
{
"db": "BID",
"id": "10636"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000897"
},
{
"db": "PACKETSTORM",
"id": "33675"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-047"
},
{
"db": "NVD",
"id": "CVE-2004-0468"
}
]
},
"id": "VAR-200412-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8898"
}
],
"trust": 0.01
},
"last_update_date": "2024-06-06T22:40:43.014000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000897"
},
{
"db": "NVD",
"id": "CVE-2004-0468"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.jpcert.or.jp/at/2004/at040009.txt"
},
{
"trust": 2.9,
"url": "http://www.kb.cert.org/vuls/id/658859"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/jsha-6253cc"
},
{
"trust": 1.9,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16548"
},
{
"trust": 1.2,
"url": "https://www.juniper.net/alerts/viewalert.jsp?txtalertnumber=psn-2004-06-009\u0026actionbtn=search"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0468"
},
{
"trust": 0.8,
"url": "http://www.juniper.net/support/requesting-support.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16548"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/11950/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3418/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#658859"
},
{
"db": "VULHUB",
"id": "VHN-8898"
},
{
"db": "BID",
"id": "10636"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000897"
},
{
"db": "PACKETSTORM",
"id": "33675"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-047"
},
{
"db": "NVD",
"id": "CVE-2004-0468"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#658859"
},
{
"db": "VULHUB",
"id": "VHN-8898"
},
{
"db": "BID",
"id": "10636"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000897"
},
{
"db": "PACKETSTORM",
"id": "33675"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-047"
},
{
"db": "NVD",
"id": "CVE-2004-0468"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-06-30T00:00:00",
"db": "CERT/CC",
"id": "VU#658859"
},
{
"date": "2004-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-8898"
},
{
"date": "2004-06-30T00:00:00",
"db": "BID",
"id": "10636"
},
{
"date": "2024-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000897"
},
{
"date": "2004-06-29T11:59:00",
"db": "PACKETSTORM",
"id": "33675"
},
{
"date": "2004-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-047"
},
{
"date": "2004-12-06T05:00:00",
"db": "NVD",
"id": "CVE-2004-0468"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-06-30T00:00:00",
"db": "CERT/CC",
"id": "VU#658859"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-8898"
},
{
"date": "2009-07-12T05:16:00",
"db": "BID",
"id": "10636"
},
{
"date": "2024-06-04T08:54:00",
"db": "JVNDB",
"id": "JVNDB-2004-000897"
},
{
"date": "2006-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-047"
},
{
"date": "2017-07-11T01:30:11.043000",
"db": "NVD",
"id": "CVE-2004-0468"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-047"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper JUNOS Packet Forwarding Engine (PFE) IPv6 memory leak",
"sources": [
{
"db": "CERT/CC",
"id": "VU#658859"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-047"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…