{"vuid":"VU#658859","idnumber":"658859","name":"Juniper JUNOS Packet Forwarding Engine (PFE) IPv6 memory leak","keywords":["Packet Forwarding Engine","PFE","SHEAF memory","PR/48386","ICMPv6"],"overview":"The Juniper JUNOS Packet Forwarding Engine (PFE)  leaks memory when certain IPv6 packets are submitted for processing. If an attacker submits multiple packets to a vulnerable router running IPv6-enabled  PFE, the router can be repeatedly rebooted, essentially creating a denial of service for the router.","clean_desc":"Juniper routers running JUNOS use a Packet Forwarding Engine (PFE) to forward network packets to specified destinations. A memory leak has been found in all JUNOS PFEs released after February 24, 2004. This leak can be triggered under certain specific conditions, which may lead to memory exhaustion on vulnerable JUNOS routers. After memory exhaustion occurs, the system will reboot and resume normal operation. However, repeated attacks may cause vulnerable systems to repeatedly reboot, essentially creating a denial of service. This issue is thought to affect only the JUNOS PFE. The JUNOS Packet Forwarding Engine (specifically, the IPv6 branch) is not derived from other code (i.e., FreeBSD).","impact":"A remote, unauthenticated attacker may cause a Juniper router to repeatedly reboot when multiple IPv6 packets are processed by the JUNOS of a vulnerable system. This would create a denial of service for the router.","resolution":"Users registered at Juniper's support site should visit https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2004-06-009&actionBtn=Search","workarounds":"Disable IPv6 processing in the Packet Forwarding Engine.","sysaffected":"","thanks":"Thanks to Juniper Networks for contributing to this document.","author":"This document was written by Jeffrey S. Havrilla.","public":["https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2004-06-009&actionBtn=Search","http://www.juniper.net/support/requesting-support.html","http://www.jpcert.or.jp/at/2004/at040009.txt"],"cveids":["CVE-2004-0468"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-06-20T00:54:52Z","publicdate":"2004-06-29T00:00:00Z","datefirstpublished":"2004-06-30T00:26:47Z","dateupdated":"2004-06-30T00:56:29Z","revision":18,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"7","cam_exploitation":"0","cam_internetinfrastructure":"18","cam_population":"10","cam_impact":"17","cam_easeofexploitation":"13","cam_attackeraccessrequired":"15","cam_scorecurrent":"15.5390625","cam_scorecurrentwidelyknown":"23.619375","cam_scorecurrentwidelyknownexploited":"36.050625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":15.5390625,"vulnote":null}