CVE-2013-4685 Information

Description

Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14 11.4 before 11.4R7 12.1 before 12.1R6 and 12.1X44 before 12.1X44-D15 on SRX devices when Captive Portal is enabled with the UAC enforcer role allows remote attackers to execute arbitrary code via crafted HTTP requests aka PR 849100.

Reference

http://kb.juniper.net/JSA10574 http://osvdb.org/95108 http://www.securityfocus.com/bid/61125