Junos TCP Packet Processing Denial of Service Vulnerability

Summary
DoS in TCP packet processing
Impact
An attacker who can guess an in-window sequence number, source and destination address and port numbers can exploit this vulnerability to reset any established TCP session.
Solution
New builds of Junos OS software are available from Juniper. As a workaround enable TCP authentication, enable IPSec, enable the system to send ACKs for in-window RSTs and SYN packets, enable a stateful firewall to block SYN packets on existing sessions.
Insight
For an established TCP session, TCP input validation only ensures that sequence numbers are within the acceptable window prior to examining whether the SYN flag is set on the segment. If the SYN flag is set, the TCP stack drops the session and sends a RST segment to the other side. This issue only affects TCP sessions terminating on the router. Transit traffic and TCP Proxy services are unaffected by this vulnerability.
Affected
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3
Detection
Check the OS build.
References

Updated on 2015-03-25