SecurityTracker.com
Category:   Device (Firewall)  >   Cisco Firewall Services Module
Vendors:   Cisco
Cisco Firewall Services Module OSPF Processing Flaw Lets Remote Users Take Full Control of the Routing Table
SecurityTracker Alert ID:  1028859
SecurityTracker URL:  http://securitytracker.com/id/1028859
CVE Reference:   CVE-2013-0149
Date:  Aug 1 2013
Impact:   Modification of system information
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco Firewall Services Module. A remote user can take full control of the target OSPF routing table.

A remote user can supply specially crafted unicast or multicast Open Shortest Path First (OSPF) Link State Advertisement (LSA) type 1 packets to take full control of the target OSPF Autonomous System (AS) domain routing table. The target router may flush the contents of its routing table and propagate the specially crafted LSA update throughout the OSPF area.

This can be exploited to redirect traffic to a blackhole or to redirect traffic and intercept communications.

OSPFv3 is not affected. Fabric Shortest Path First (FSPF) protocol is not affected.

The vendor has assigned bug ID CSCug39762 to this vulnerability.

Dr. Gabi Nakibly from Rafael Advanced Defense Systems and Eitan Menahem, Yuval Elovici, and Ariel Waizel of Telekom Innovation Laboratories at Ben Gurion University reported this vulnerability.

Impact:   A remote user can take full control of the target OSPF routing table and redirect traffic.
Solution:   No official vendor releases are available at the time of this entry.

Interim releases may be available through Cisco Technical Assistance Center (TAC).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf
Cause:   Not specified

Message History:   None.


Copyright 2020, SecurityGlobal.net LLC