Vulnerabilities > CVE-2015-5358 - Resource Management Errors vulnerability in Juniper Junos
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.2X52 before 13.2X52-D25, 13.3 before 13.3R6, 14.1R3 before 14.1R3-S2, 14.1 before 14.1R4, 14.1X53 before 14.1X53-D12, 14.1X53 before 14.1X53-D16, 14.1X55 before 14.1X55-D25, 14.2 before 14.2R2, and 15.1 before 15.1R1 allows remote attackers to cause a denial of service (mbuf and connection consumption and restart) via a large number of requests that trigger a TCP connection to move to the LAST_ACK state when there is more data to send.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 55 |
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_0C064C43600A11E6A6C314DAE9D210B8.NASL description TCP connections transitioning to the LAST_ACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets. Impact : An attacker who can repeatedly establish TCP connections to a victim system (for instance, a Web server) could create many TCP connections that are stuck in LAST_ACK state and cause resource exhaustion, resulting in a denial of service condition. This may also happen in normal operation where no intentional attack is conducted, but an attacker who can send specifically crafted packets can trigger this more reliably. last seen 2020-06-01 modified 2020-06-02 plugin id 92889 published 2016-08-12 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92889 title FreeBSD : FreeBSD -- Resource exhaustion due to sessions stuck in LAST_ACK state (0c064c43-600a-11e6-a6c3-14dae9d210b8) NASL family Firewalls NASL id PFSENSE_SA-15_07.NASL description According to its self-reported version number, the remote pfSense install is prior to 2.2.4. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories. last seen 2020-06-01 modified 2020-06-02 plugin id 106496 published 2018-01-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106496 title pfSense < 2.2.4 Multiple Vulnerabilities (SA-15_07) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10686.NASL description According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to the improper handling of TCP connection transitions to the LAST_ACK state when the device has more data to send. A remote attacker can exploit this cause the socket to be stuck in the LAST_ACK state indefinitely, leading to exhaustion of memory buffers (mbufs) and connections. Note that Nessus has not tested for this issue or the host configuration but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 85226 published 2015-08-04 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85226 title Juniper Junos LAST_ACK State DoS (JSA10686)
References
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-009.txt.asc
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10686
- http://www.securitytracker.com/id/1032842
- http://www.securitytracker.com/id/1033007
- http://www.securitytracker.com/id/1033915
- https://kc.mcafee.com/corporate/index?page=content&id=SB10128