Junos OS with OSPFv3 IPSec authentication enabled is vulnerable to a Denial of Service attack.
An attacker may trigger a kernel crash causing the RE to restart. Repeated receipt of the crafted fragment can represent an extended denial of service on the router.
New builds of Junos OS software are available from Juniper. As a workaround discontinue use of IPSec Authentication Header option in OSPFv3.
When a specially crafted fragmented OSPFv3 packet containing an IPsec Authentication Header (AH) is received, it may trigger a kernel crash causing the RE to restart.
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3 and 14.1
Check the OS build.
Updated on 2015-03-25