Junos OSPFv3 Denial of Service Vulnerability

Summary
Junos OS with OSPFv3 IPsec authentication enabled is vulnerable to a denial-of-service attack.
Impact
An attacker may trigger a kernel crash, causing the Routing Engine (RE) to restart. Repeated receipt of the crafted fragment can result in an extended denial of service on the router.
Solution
New builds of Junos OS software are available from Juniper. As a workaround, discontinue use of the IPsec Authentication Header option in OSPFv3.
Insight
When a specially crafted fragmented OSPFv3 packet containing an IPsec Authentication Header (AH) is received, it may trigger a kernel crash, causing the RE to restart.
Affected
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3 and 14.1
Detection
Check the OS build.
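An added example, not part of the original advisory or of any Juniper tooling: a Python audit that takes a device's reported version and its configuration in set format and lists the OSPFv3 interfaces bound to an AH security association, the setting the workaround removes. The sample configuration, SA names and interfaces are constructed; because the advisory does not list the fixed builds, a match on an affected release only flags the device for build review.

```python
import re

# Release trains the advisory lists as affected.
AFFECTED_TRAINS = {"11.4", "12.1", "12.2", "12.3", "13.1", "13.2", "13.3", "14.1"}
# "bundle" combines AH and ESP, so it is counted as using AH.
AH_PROTOCOLS = {"ah", "bundle"}

# Manual SA definition: captures the SA name and its protocol.
SA_PROTO = re.compile(
    r"^set security ipsec security-association (\S+) manual direction \S+ protocol (\S+)")
# OSPFv3 interface bound to an SA, with or without a realm.
OSPF3_SA = re.compile(
    r"^set protocols ospf3 (?:realm \S+ )?area \S+ interface (\S+) ipsec-sa (\S+)")

# Constructed sample configuration (SA names and interfaces are made up).
SAMPLE_CONFIG = """\
set security ipsec security-association sa-ah mode transport
set security ipsec security-association sa-ah manual direction bidirectional protocol ah
set security ipsec security-association sa-esp manual direction bidirectional protocol esp
set protocols ospf3 area 0.0.0.0 interface ge-0/0/1.0 ipsec-sa sa-ah
set protocols ospf3 area 0.0.0.0 interface ge-0/0/2.0 ipsec-sa sa-esp
set protocols ospf3 area 0.0.0.0 interface ge-0/0/3.0
"""

def release_train(version):
    """Reduce a version string such as '12.3R6.6' to its train, '12.3'."""
    m = re.match(r"(\d+\.\d+)", version.strip())
    return m.group(1) if m else None

def ospf3_ah_interfaces(config_text):
    """Return sorted (interface, sa_name) pairs where OSPFv3 uses an AH SA."""
    ah_sas, bindings = set(), []
    for line in config_text.splitlines():
        line = line.strip()
        m = SA_PROTO.match(line)
        if m:
            if m.group(2) in AH_PROTOCOLS:
                ah_sas.add(m.group(1))
            continue
        m = OSPF3_SA.match(line)
        if m:
            bindings.append((m.group(1), m.group(2)))
    return sorted(b for b in bindings if b[1] in ah_sas)

def needs_build_review(version, config_text):
    """True when the train is listed as affected and OSPFv3 AH is configured."""
    return release_train(version) in AFFECTED_TRAINS and bool(ospf3_ah_interfaces(config_text))
```

A device this flags still needs its exact build compared against the fixed builds Juniper publishes, which are not listed on this page.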
Updated on 2015-03-25