CVE-2018-0002: MX series, SRX series: Junos OS: Denial of service vulnerability in Flowd on devices with ALG enabled.
First published: Wed Jan 10 2018(Updated: )
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =12.1x46-d10 | |
| Juniper JUNOS | =12.1x46-d15 | |
| Juniper JUNOS | =12.1x46-d20 | |
| Juniper JUNOS | =12.1x46-d25 | |
| Juniper JUNOS | =12.1x46-d30 | |
| Juniper JUNOS | =12.1x46-d35 | |
| Juniper JUNOS | =12.1x46-d40 | |
| Juniper JUNOS | =12.1x46-d45 | |
| Juniper JUNOS | =12.1x46-d50 | |
| Juniper JUNOS | =12.1x46-d55 | |
| Juniper Srx100 | ||
| Juniper Srx110 | ||
| Juniper Srx1400 | ||
| Juniper Srx1500 | ||
| Juniper Srx210 | ||
| Juniper Srx220 | ||
| Juniper Srx240 | ||
| Juniper Srx300 | ||
| Juniper Srx320 | ||
| Juniper Srx340 | ||
| Juniper Srx3400 | ||
| Juniper Srx345 | ||
| Juniper Srx3600 | ||
| Juniper Srx4100 | ||
| Juniper Srx4200 | ||
| Juniper Srx5400 | ||
| Juniper Srx550 | ||
| Juniper Srx5600 | ||
| Juniper Srx5800 | ||
| Juniper Srx650 | ||
| Juniper JUNOS | =12.3x48-d10 | |
| Juniper JUNOS | =12.3x48-d15 | |
| Juniper JUNOS | =12.3x48-d20 | |
| Juniper JUNOS | =12.3x48-d25 | |
| Juniper JUNOS | =12.3x48-d30 | |
| Juniper JUNOS | =14.1-r1 | |
| Juniper JUNOS | =14.1-r2 | |
| Juniper JUNOS | =14.1-r3 | |
| Juniper JUNOS | =14.1-r4 | |
| Juniper JUNOS | =14.1-r5 | |
| Juniper JUNOS | =14.1-r6 | |
| Juniper JUNOS | =14.1-r7 | |
| Juniper JUNOS | =14.1-r8 | |
| Juniper Mx10 | ||
| Juniper Mx104 | ||
| Juniper Mx2010 | ||
| Juniper Mx2020 | ||
| Juniper Mx240 | ||
| Juniper Mx40 | ||
| Juniper Mx480 | ||
| Juniper Mx5 | ||
| Juniper Mx80 | ||
| Juniper Mx960 | ||
| Juniper JUNOS | =14.2-r1 | |
| Juniper JUNOS | =14.2-r2 | |
| Juniper JUNOS | =14.2-r3 | |
| Juniper JUNOS | =14.2-r4 | |
| Juniper JUNOS | =14.2-r5 | |
| Juniper JUNOS | =14.2-r6 | |
| Juniper JUNOS | =14.2-r7 | |
| Juniper JUNOS | =15.1x49-d10 | |
| Juniper JUNOS | =15.1x49-d15 | |
| Juniper JUNOS | =15.1x49-d20 | |
| Juniper JUNOS | =15.1x49-d25 | |
| Juniper JUNOS | =15.1x49-d30 | |
| Juniper JUNOS | =15.1x49-d35 | |
| Juniper JUNOS | =15.1x49-d40 | |
| Juniper JUNOS | =15.1x49-d45 | |
| Juniper JUNOS | =15.1x49-d50 | |
| Juniper JUNOS | =15.1x49-d55 | |
| Juniper JUNOS | =15.1-f6-s9 | |
| Juniper JUNOS | =15.1-r1 | |
| Juniper JUNOS | =15.1-r2 | |
| Juniper JUNOS | =15.1-r3 | |
| Juniper JUNOS | =15.1-r4 | |
| Juniper JUNOS | =15.1-r6-s4 | |
| Juniper JUNOS | =15.1-r7 | |
| Juniper JUNOS | =16.1-r1 | |
| Juniper JUNOS | =16.1-r2 | |
| Juniper JUNOS | =16.1-r3 | |
| Juniper JUNOS | =16.1-r4 | |
| Juniper JUNOS | =16.1-r5 | |
| Juniper JUNOS | =16.2-r1 | |
| Juniper JUNOS | =16.2-r2 | |
| Juniper JUNOS | =17.1-r1 | |
| Juniper JUNOS | =17.1-r3 |
Remedy
The following software releases have been updated to resolve this specific issue: 12.1X46-D60, 12.3X48-D35, 14.1R9, 14.2R8, 15.1X49-D60, 15.1R5-S8, 15.1R6-S4, 15.1F6-S9, 15.1R7, 16.1R6, 16.2R3, 17.1R2-S4, 17.1R3, 17.2R1 and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/12.1x46-d10
- version/juniper junos/12.1x46-d15
- version/juniper junos/12.1x46-d20
- version/juniper junos/12.1x46-d25
- version/juniper junos/12.1x46-d30
- version/juniper junos/12.1x46-d35
- version/juniper junos/12.1x46-d40
- version/juniper junos/12.1x46-d45
- version/juniper junos/12.1x46-d50
- version/juniper junos/12.1x46-d55
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx1500
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx3400
- canonical/juniper srx345
- canonical/juniper srx3600
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650
- version/juniper junos/12.3x48-d10
- version/juniper junos/12.3x48-d15
- version/juniper junos/12.3x48-d20
- version/juniper junos/12.3x48-d25
- version/juniper junos/12.3x48-d30
- version/juniper junos/14.1-r1
- version/juniper junos/14.1-r2
- version/juniper junos/14.1-r3
- version/juniper junos/14.1-r4
- version/juniper junos/14.1-r5
- version/juniper junos/14.1-r6
- version/juniper junos/14.1-r7
- version/juniper junos/14.1-r8
- canonical/juniper mx10
- canonical/juniper mx104
- canonical/juniper mx2010
- canonical/juniper mx2020
- canonical/juniper mx240
- canonical/juniper mx40
- canonical/juniper mx480
- canonical/juniper mx5
- canonical/juniper mx80
- canonical/juniper mx960
- version/juniper junos/14.2-r1
- version/juniper junos/14.2-r2
- version/juniper junos/14.2-r3
- version/juniper junos/14.2-r4
- version/juniper junos/14.2-r5
- version/juniper junos/14.2-r6
- version/juniper junos/14.2-r7
- version/juniper junos/15.1x49-d10
- version/juniper junos/15.1x49-d15
- version/juniper junos/15.1x49-d20
- version/juniper junos/15.1x49-d25
- version/juniper junos/15.1x49-d30
- version/juniper junos/15.1x49-d35
- version/juniper junos/15.1x49-d40
- version/juniper junos/15.1x49-d45
- version/juniper junos/15.1x49-d50
- version/juniper junos/15.1x49-d55
- version/juniper junos/15.1-f6-s9
- version/juniper junos/15.1-r1
- version/juniper junos/15.1-r2
- version/juniper junos/15.1-r3
- version/juniper junos/15.1-r4
- version/juniper junos/15.1-r6-s4
- version/juniper junos/15.1-r7
- version/juniper junos/16.1-r1
- version/juniper junos/16.1-r2
- version/juniper junos/16.1-r3
- version/juniper junos/16.1-r4
- version/juniper junos/16.1-r5
- version/juniper junos/16.2-r1
- version/juniper junos/16.2-r2
- version/juniper junos/17.1-r1
- version/juniper junos/17.1-r3