CVE-2004-0468

Vulnerability

A memory leak exists in the Juniper JUNOS Packet Forwarding Engine (PFE) when processing certain IPv6 packets. The vulnerability affects all JUNOS PFEs released after February 24, 2004, with IPv6 processing enabled [1][2]. The PFE is not derived from other code (e.g., FreeBSD), so the issue is specific to JUNOS [2].

Exploitation

A remote, unauthenticated attacker can trigger the memory leak by sending multiple specially crafted IPv6 packets to a vulnerable Juniper router [1][2]. No authentication or prior access is required; the attacker only needs network connectivity to the target device.

Impact

Successful exploitation causes memory exhaustion in the PFE, leading to a system reboot. Repeated attacks can force the router to reboot continuously, resulting in a denial of service (DoS) for the router and potentially disrupting network traffic [1][2].

Mitigation

Juniper has addressed this issue in JUNOS builds created after June 21, 2004 [1]. Users should upgrade to a fixed version. As a workaround, disabling IPv6 processing in the Packet Forwarding Engine can prevent exploitation [2]. No KEV listing is associated with this CVE.