Summary
Junos OS is prone to a DoS vulnerability in JPPPD.
Impact
Every time a crafted PAP authentication request is sent, the Juniper PPP daemon crashes, leading to a denial-of-service condition.
Solution
New builds of Junos OS software are available from Juniper. As a workaround, discontinue PAP authentication for PPP subscribers.
Insight
Using PPP authentication with a specifically crafted PAP Authenticate-Request may cause the Juniper PPP daemon (jpppd) to crash and restart. After the PPPoE Discovery and LCP phases have been successfully negotiated, receipt of the crafted PAP Authenticate-Request causes jpppd to crash, and the broadband edge router sends no response to the subscriber.
Affected
Junos OS 13.3, 14.1 and 14.2
Detection
Check the OS build.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-6382
CVSS Base Score: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C