Juniper JunOS Multiple Vulnerabilities
Last Update Date: 15 Jul 2013 10:39
Release Date: 15 Jul 2013
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in Juniper JunOS, which can be exploited by a remote user to obtain potentially sensitive information, cause denial of service conditions or execute arbitrary code.
- A remote user can send specially crafted PIM packets when PIM and NAT are enabled on SRX devices to cause flowd to crash.
- A remote user can send specially crafted HTTP requests when the Captive Portal is enabled with the UAC enforcer role on SRX devices to trigger a buffer overflow and execute arbitrary code on the target system.
- A remote user can send a specially crafted ARP request to trigger a kernel error in certain VLAN configurations with unrestricted arp-resp and proxy-arp settings to cause the target device to crash.
- A remote user can send specially crafted TCP packets when certain Application Layer Gateways are enabled on SRX devices to cause the target flowd daemon to crash.
- A remote user can send specially crafted MSRPC requests when the MSRPC Application Layer Gateway is enabled on SRX devices to cause the target flowd daemon to crash.
- A remote user can obtain potentially sensitive information via Ethernet data packets because the SRX1400, SRX3400, and SRX3600 devices do not properly initialize memory locations when padding Ethernet packets.
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- JunOS prior to versions 10.4S14, 11.4R7, 12.1R6, 12.1X44-D15
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- The vendor has issued a fix (10.4S14, 11.4R7, 12.1R6, 12.1X44-D15).
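To triage a device inventory against the fixed releases listed above, the following added example (not part of the original advisory or any Juniper tooling) classifies JunOS version strings. It assumes build numbers compare numerically only within the same release train and release-type letter; any other train or type is reported as "unlisted" for manual review, and the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed releases from the advisory, keyed by (release train, release-type letter).
FIXED_BUILD = {
    ("10.4", "S"): 14,
    ("11.4", "R"): 7,
    ("12.1", "R"): 6,
    ("12.1X44", "D"): 15,
}

# Matches e.g. "11.4R6.5" or "12.1X44-D10.4": train, type letter, build number.
_VERSION_RE = re.compile(r"^(\d+\.\d+(?:X\d+)?)-?([A-Z])(\d+)(?:\.\d+)?$")


def triage(version):
    """Classify one JunOS version string against the advisory's fixed releases."""
    match = _VERSION_RE.match(version.strip())
    if match is None:
        return "unparsed"
    train, kind, build = match.group(1), match.group(2), int(match.group(3))
    fixed = FIXED_BUILD.get((train, kind))
    if fixed is None:
        # Train or release type not named in the advisory: needs a manual check.
        return "unlisted"
    return "vulnerable" if build < fixed else "fixed"


def hosts_to_review(inventory):
    """Return sorted (host, version, status) for every host not confirmed fixed."""
    rows = []
    for host, version in inventory.items():
        status = triage(version)
        if status != "fixed":
            rows.append((host, version, status))
    return sorted(rows)


# Constructed inventory (hypothetical hostnames and versions) for illustration.
SAMPLE_INVENTORY = {
    "srx-branch-01": "12.1X44-D10.4",
    "srx-core-01": "12.1X44-D15.5",
    "srx-dc-02": "11.4R6.5",
    "srx-lab-03": "10.4R13",
    "srx-edge-04": "12.1R6",
}

if __name__ == "__main__":
    for row in hosts_to_review(SAMPLE_INVENTORY):
        print(*row)
```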
Vulnerability Identifier
Source
Related Link
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10573
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10574
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10576
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10577
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10578
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10579
- http://securitytracker.com/id/1028775