Junos NAT Protocol Translation Denial of Service Vulnerability

Summary
DoS in NAT Protocol Translation
Impact
A hang or repeated crash of the flowd process constitutes an extended denial of service condition for SRX Series devices.
Solution
New builds of Junos OS software are available from Juniper. As a workaround disable NAT protocol translation if it is not required.
Insight
On SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, a certain crafted packet may cause the flowd process to hang or crash.
Affected
Junos OS 11.4, 12.1X44, 12.1X45 or 12.1X46.
Detection
Check the OS build.
References

Updated on 2015-03-25