Summary
Certain PIM packets subject to NAT may cause the Flow Daemon to crash which can cause a DoS contition.
Impact
A remote attacker can crash the Flow Daemon and by doing this repeatedly causing a denial of service condition.
Solution
New builds of Junos OS software are available from Juniper.
Insight
On SRX Series devices where Protocol-Independent Multicast (PIM) is enabled, certain PIM packets subject to Network Address Translation (NAT) may cause the Flow Daemon (flowd) to crash. This issue only occurs in a NAT environment and cannot be triggered by PIM packets sent directly to the SRX.
Affected
Junos OS 10.4, 11.4, 12.1 and 12.1X44.
Detection
Check the OS build.
References
Severity
Classification
-
CVE CVE-2013-4684 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities