Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.106020
Kategorie:JunOS Local Security Checks
Titel:Junos mbuf Denial of Service Vulnerability
Zusammenfassung:Junos OS is prone to a DoS vulnerability by mbuf exhaustion.
Beschreibung:Summary:
Junos OS is prone to a DoS vulnerability by mbuf exhaustion.

Vulnerability Insight:
When an active TCP connection transitions to LAST_ACK state and
the daemon connected to the socket still has more data to send, the socket could get stuck in LAST_ACK
state indefinitely, using up finite mbufs and connections. Exploitation of this issue requires establishment
of a TCP connection to a listening port on the router. TCP ports protected by ingress and/or control plane
firewall filters are not vulnerable to this issue. However, anti-spoofing mechanisms should be employed
to protect against malicious attempts to bypass existing firewall filters.

Vulnerability Impact:
Triggering the condition repeatedly could lead to total mbuf exhaustion,
requiring a reboot or switchover of the master RE to resolve.

Affected Software/OS:
Junos OS 12.1, 12.3, 13.2, 13.3, 14.1 and 14.2

Solution:
New builds of Junos OS software are available from Juniper.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-5358
NETBSD Security Advisory: NetBSD-SA2015-009
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-009.txt.asc
http://www.securitytracker.com/id/1032842
http://www.securitytracker.com/id/1033007
http://www.securitytracker.com/id/1033915
CopyrightThis script is Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.