![]() ![]() This issue occurs when SIP ALG is enabled and specific SIP messages are processed simultaneously. Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on SRX Series.Īn Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S5 21.1 versions prior to 21.1R3-S4 21.2 versions prior to 21.2R3-S2 21.3 versions prior to 21.3R3-S1 21.4 versions prior to 21.4R3 22.1 versions prior to 22.1R1-S2, 22.1R2 22.2 versions prior to 22.2R1-S1, 22.2R2. On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart. There are no known workarounds for this vulnerability.Ī Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). The bug was introduced 16 years ago in sofia-sip 1.12.4 (plus some patches through ) to in tree libs with git-svn-id: d0543943-73ff-0310-b7d9-9358b9ac24b2. Since network users control the overflowed length, and the data is written to heap chunks later, attackers may achieve remote code execution by heap grooming or other exploitation methods. ![]() For example, in stun_parse_attribute(), after we get the attribute's type and length value, the length will be used directly to copy from the heap, regardless of the message's left size. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow. Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |