Junos TCP Packet Handling Denial of Service Vulnerability

Summary
A vulnerability in the Flow Daemon can cause a crash when handling certain TCP packets.
Impact
A remote attacker can cause a denial of service.
Solution
New builds of Junos OS software are available from Juniper. As a workaround disable ALGs and UTM features if they are not required.
Insight
On SRX Series services gateways, when plugins that use TCP proxy are configured (e.g. ALGs, UTM), a certain sequence of valid TCP packets may cause the flow daemon (flowd) to crash.
Affected
Plattforms running Junos OS versions 10.4, 11.4, 12.1, 12.1X44, or 12.1X45.
Detection
Check the OS build.
References