PT-2016-3205 · Juniper Networks · Junos

Published: 2016-10-12 · Updated: 2019-10-09 · CVE-2016-4921

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Junos OS versions 11.4 prior to 11.4R13-S3
Junos OS versions 12.3 prior to 12.3R3-S4
Junos OS versions 12.3X48 prior to 12.3X48-D30
Junos OS versions 13.3 prior to 13.3R10
Junos OS versions 13.3 prior to 13.3R4-S11
Junos OS versions 14.1 prior to 14.1R2-S8
Junos OS versions 14.1 prior to 14.1R4-S12
Junos OS versions 14.1 prior to 14.1R8
Junos OS versions 14.1X53 prior to 14.1X53-D28
Junos OS versions 14.1X53 prior to 14.1X53-D40
Junos OS versions 14.1X55 prior to 14.1X55-D35
Junos OS versions 14.2 prior to 14.2R3-S10
Junos OS versions 14.2 prior to 14.2R4-S7
Junos OS versions 14.2 prior to 14.2R6
Junos OS versions 15.1 prior to 15.1F2-S5
Junos OS versions 15.1 prior to 15.1F5-S2
Junos OS versions 15.1 prior to 15.1F6
Junos OS versions 15.1 prior to 15.1R3
Junos OS versions 15.1X49 prior to 15.1X49-D40
Junos OS versions 15.1X53 prior to 15.1X53-D57
Junos OS versions 15.1X53 prior to 15.1X53-D70

Description

The issue is related to errors in resource management in the IPv6 traffic processing service of the Junos operating system. Exploitation of this issue can allow a remote attacker to cause resource exhaustion and kernel failure by sending specially crafted IPv6 traffic. This can lead to the inability to store next hop information for legitimate traffic and, in extreme cases, result in total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router and only affects devices with IPv6 enabled and configured.

Recommendations

For each of the affected Junos OS versions, update to the respective fixed version to resolve the issue.

For versions 11.4, update to 11.4R13-S3 or later.
For versions 12.3, update to 12.3R3-S4 or later.
For versions 12.3X48, update to 12.3X48-D30 or later.
For versions 13.3, update to 13.3R10 or 13.3R4-S11 or later.
For versions 14.1, update to 14.1R2-S8, 14.1R4-S12, or 14.1R8 or later.
For versions 14.1X53, update to 14.1X53-D28, 14.1X53-D40 or later.
For versions 14.1X55, update to 14.1X55-D35 or later.
For versions 14.2, update to 14.2R3-S10, 14.2R4-S7, or 14.2R6 or later.
For versions 15.1, update to 15.1F2-S5, 15.1F5-S2, 15.1F6, or 15.1R3 or later.
For versions 15.1X49, update to 15.1X49-D40 or later.
For versions 15.1X53, update to 15.1X53-D57 or 15.1X53-D70 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2017-02490
CVE-2016-4921

Affected Products

Junos