![]() ![]() ![]() By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). Affected releases are Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D75 15.1X49 versions prior to 15.1X49-D150 17.3 versions prior to 17.3R3 17.4 versions prior to 17.4R2 18.1 versions prior to 18.1R3 18.2 versions prior to 18.2R2. A reboot is required to clear the cached authentication token. ![]() Due to an error in token caching, deleted users are allowed to connect once a previously successful dynamic VPN connection has been established. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN connections. Note: Authentication is required to detect this vulnerabilityĪ vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. Devices configured for Web Filtering alone are unaffected by this issue. This issue only occurs when HTTP AV inspection is configured. Eventually the system runs out of mbufs and the system crashes (fails over) with the error "mbuf exceed". ![]() Each crafted HTTP packet inspected by UTM consumes mbufs which can be identified through the following log messages: all_logs.0:Jun 8 03:25:03 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 50%. (Based on CVE version 20061101 and SANS Top 20 version 7.)Īn SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" - an indication of memory buffer exhaustion - due to the receipt of crafted HTTP traffic. For the current documentation, please log into the mySAINT portal using your customer login and password. CVE Cross Reference 2019 The information on this page may be obsolete. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |