CERTVU:229804Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
EPSS
Percentile
55.4%
Overview
The Open Shortest Path First (OSPF) protocol does not specify unique Link State Advertisement (LSA) lookup identifiers, which allow an attacker to intercept traffic or conduct a Denial of Service (DoS) attack.
Description
CWE-694: Use of Multiple Resources with a Duplicate Identifier
The OSPF protocol requires LSA’s to be identified by: LS Type, Advertising Router, and Link State ID. However, during the routing table calculation phase, the specification states that a LSA is queried in the LSA database
using only the Link State ID. Since the Link State ID is used in the LSA database to identify a particular router, a malformed duplicate entry can cause unexpected and insecure implementation-specific behavior.
In some implementations, the vulnerability can allow an attacker to subvert the routing table of victim router by sending false link state advertisements on behalf of other routers. This subversion can cause the victim router
to drop the entire table (denial of service) or to re-route traffic on the network.
Impact
This vulnerability can allow an attacker to re-route traffic, compromising the confidentiality of the data, or to conduct a denial-of-service attack against a router, dropping all traffic.
Solution
Install Updates
The OSPF protocol is a popular interior routing protocol that is used by many devices and manufacturers. This vulnerability is implementation-specific, so some vendors may not be affected. The list below contains known affected or non-affected vendors. Please consult your network equipment vendor to confirm how they are affected by this vulnerability.
Vendor Information
229804
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Brocade __ Affected
Notified: June 13, 2013 Updated: August 05, 2013
Status
Affected
Vendor Statement
TECHNICAL SUPPORT BULLETIN
July 25, 2013
TSB 2013-165- A SEVERITY: Low – Informational
PRODUCTS AFFECTE D:
Brocade MLX Series running NetIron SW
Brocade NetIron XMR Series running NetIron SW
Brocade NetIron CER Series running NetIron SW
Brocade NetIron CES Series running NetIron SW
Brocade VDX Series running Network OS 3.x and later SW
Brocade FastIron Series running FastIron SW
Brocade ICX Series running FastIron SW
Brocade TurboIron Series running FastIron or TurboIron SW
Brocade BigIron RX Series running BigIron RX SW
Brocade ADX Series and JetCore Series running ServerIron SW
Brocade Vyatta vRouter
CORRECTED IN RELEASE:
See list of releases below.
BULLETIN OVERVIEW
A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
vulnerability has a CVSS score of 9.3 and is documented in the National Vulnerability Database as
CVE-2013-0149. See <http://nvd.nist.gov/home.cfm> for details.
Brocade produces and publishes Technical Support Bulletins to OEMs, partners and customers that
have a direct, entitled, support relationship in place with Brocade
Please contact your primary service provider for further information regarding this topic and
applicability for your environment.
PROBLEM STATEMENT
A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
vulnerability requires that the attacker already controls a router within the AS.
RISK ASSESSMENT
The listed products are exposed to this vulnerability in the OSPF protocol, where the attacker already
has control of a router in the AS. This vulnerability has a CVSS score of 9.3.
SYMPTOMS
An attacker who has gained control of a router within a given AS can arbitrarily poison the routing
tables of all other routers in the AS. This can facilitate traffic subversion, black hole, etc.
The attacker can cause attacks through a crafted illegal OSPF router LSA (type-1); where the link state
ID & router ID in the LSA is not same; leading to corruption of routing table in the routers.
The crafted Router LSA must come from a source IP of an OSPF peer; in other words, spoofing a
legitimate OSPF peer. OR the router LSA is sent in the interface where an OSPF peer is existing
already.
WORKAROUND
There is no workaround. However if users can physically secure their network/routers, the chance of
this attack is quite low.
The recommendations are:
a) Physically secure the access to network routers, and links between routers.
b) Only allow passive OSPF protocols on interfaces with user/host connections, (i.e. leaf
interfaces).
c) Enable OSPF MD5 authentication
This is not considered completely secure, but it should make the attack more difficult.
CORRECTIVE ACTION
See <http://My.Brocade.com> for the appropriate SW release(s) as listed below, please contact your
account team or Brocade Support if you have further questions.
Affected Products:
Brocade MLX Series
Brocade NetIron XMR Series
Brocade NetIron CER Series
Brocade NetIron CES Series
SW Releases with problem resolved
NetIron 05.2.00k and later
NetIron 05.3.00f and later
NetIron 05.4.00e and later
NetIron 05.5.00d and later
Reference Defect ID: 468326
Affected Products:
Brocade VDX Series
SW Releases with problem resolved
Network OS 3.0.1c and later
Network OS 4.0.0a and later
Reference Defect ID: 466022
Affected Products:
Brocade FastIron Series
Brocade ICX Series
Brocade TurboIron Series
SW Releases with problem resolved
FastIron 7.2.02k and later
FastIron 7.3.00g and later
FastIron 07.4.00d and later
FastIron 08.0.00b and later
Reference Defect ID: 466801
Affected Products:
Brocade BigIron RX Series
SW Releases with problem resolved
BigIron RX 2.7.02p and later
BigIron RX 02.8.00f and later
BigIron RX 02.9.00c and later
Reference Defect ID: 468497
Affected Products:
Brocade ADX Series and JetCore Series
SW Releases with problem resolved
ServerIron JetCore 10.2.02d
ServerIron JetCore 11.0.00k
ServerIron ADX 12.3.01k
ServerIron ADX 12.4.00k
ServerIron ADX 12.5.01a
Reference Defect ID (ADX): 469347
Reference Defect ID (JetCore): 111372
Affected Products:
Brocade Vyatta vRouter
For customers running on Amazon Web
Services this problem has been resolved.
SW Releases with problem resolved
Brocade Vyatta vRouter 6.6R1
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Check Point Software Technologies Affected
Notified: May 28, 2013 Updated: October 16, 2013
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Cisco Systems, Inc. __ Affected
Notified: May 22, 2013 Updated: August 05, 2013
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
Cisco has provided patches for this vulnerability, please check the URL below for details.
Vendor References
D-Link Systems, Inc. __ Affected
Notified: May 28, 2013 Updated: August 05, 2013
Status
Affected
Vendor Statement
1.Advisory Information
Title: Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
D-Link ID: DLINK-2013-VUL0213
Advisory URL: TBD prior to Aug. 1, 2013
Date published: August 1, 2013
Date of last update: 7/29/13 (will update on saving document)
Reported by: CERT
Release mode: Coordinated Release
2.Vulnerability Information
Class: CWE-694
Impact: Critical
Remotely Exploitable: Possible, but would require access via other product (s)
Locally Exploitable: Yes
CVE Name: CVE-2013-0149
3.Vulnerability Description
The Open Shortest Path First (OSPF) protocol does not specify unique Link State
Advertisement (LSA) lookup identifiers, which allow an attacker to intercept traffic or
conduct a Denial of Service (DoS) attack.
This vulnerability can allow an attacker to re-route traffic through their own router,
compromising the confidentiality of the data, or to conduct a Denial of Service attack
against a router, dropping all traffic.
4.Vulnerable Packages
The following is the list of known affected devices and the associated firmware
(confirmed by D-Link). This will be updated as needed if additional units effected.
1. DES-3810-28 – R2.20.B017 (HW Not available in the US)
5.VendorInformation, Solutions and Workarounds
D-Link distributes a number of devices which could potentially be affected by this
vulnerability; chiefly, any L3 managed switch that supports OSPF has the possibility of
being subject to this attack.
D-Link is working to reduce the potential impact of this vulnerability, which is a result of
an ambiguous standard. Currently we advise the following:
As always, adhering to best practices will be the strongest defense against attacks. As
long as your physical devices, networks, and protocols are secured, it will be very
difficult for an attacker to insert a rogue LSA to initiate this type of attack.
First, this vulnerability does not defeat cryptographic (MD5) authentication, we
recommend a strong MD5 authentication key as your best defense.
We also recommend that administrators enable the OSPF passive interface feature to
stop sending or receiving routing table updates on interfaces that do not participate in
OSPF.
Finally, we recommend that networks use MAC-based Access Control (MAC) to
authenticate devices before they are able to communicate with the network. The MAC
feature is a client-less design so there is no need to install extra software on a user’s
computer, and ensures that only devices on a whitelist will have access to the network.
When used in conjunction with common security best practices, it can help to strongly
limit the possible vectors of attack.
D-Link is monitoring the situation for an update to the standard that can be implemented
to protect potentially affected devices.
6.Credits
Dr. Gabi Nakibly - NEWRSC, Rafael - Advanced Defense Systems Ltd.
Eitan Menahem - Telekom Innovation Laboratories, Ben Gurion University
Ariel Waizel - Telekom Innovation Laboratories, Ben Gurion University
Prof. Yuval Elovici - Telekom Innovation Laboratories, Ben Gurion University
The publication of this advisory was not coordinated with forementioned
7.Technical Description / Proof of Concept Code
7.1.OSPF 𠇏ight Back” is triggered by LSAs with matching Router ID only, and so can
be evaded by using non matching Router ID and Link State ID on a rogue LSA. Routing
lookup uses only the Link State ID field, and so may, depending on implementation,
result in selecting the rogue LSA before the valid LSA.
scappy proof of concept attack script
attacker_source_ip = “192.168.13.1”
attacker_router_id = “192.168.18.1”
victim_destination_ip = “192.168.13.3”
victim_router_id = “192.168.37.3”
false_adv_router = “192.168.27.11”
seq_num = 0x80000004L
R3_FALSE_LSA = IP(src=attacker_source_ip, dst=victim_destination_ip) \
/OSPF_Hdr(src=attacker_router_id) \
/OSPF_LSUpd(lsalist=[ \
OSPF_Router_LSA(options=0x22, type=1, id=victim_router_id, adrouter=false_adv_router,
seq=seq_num, linklist=[ \
OSPF_Link(id=“192.168.37.7”, data=“192.168.37.3”, type=2, metric=1), \
OSPF_Link(id=“192.168.13.3”, data=“192.168.13.3”, type=2, metric=1), \
OSPF_Link(id=“192.168.50.0”, data=“255.255.255.0”, type=3, metric=3) \
])
])
send(R3_FALSE_LSA, iface=“eth0”)
8.ReportTimeline
• May 28, 2013 – Notification by Cert of the issue
• May 28, 2013 – Notify Qualified D-Link Resources of issue
• June 6, 2013 – Cert notified embargo date changed to July 30
• Jun 6, 2013 – D-Link Request Cert to resend details
• June 11, 2013 – D-Link receives details
• July 29, 2013 – Cert notified embargo date changed to Aug 1
• July 29, 2013 – D-Link Sends Vulnerability Response Report to Cert
• July 30, 2013 – D-Link Post Report for effected Products
9.References
[1] CVE-229804-2013.pdf – Owning the Routing Table Part II
10.AboutD-Link
D-Link is the global leader in connectivity for home, small business, mid- to large-sized enterprise
environments, and service providers. An award-winning designer, developer, and manufacturer, D-Link
implements and supports unified network solutions that integrate capabilities in switching, wireless,
broadband, storage, IP Surveillance, and cloud-based network management. For more information visit
www.dlink.com, or connect with D-Link on Facebook (www.facebook.com/dlink) and Twitter
(www.twitter.com/dlink).
11.Disclaimer
D-Link and the D-Link logo are trademarks or registered trademarks of D-Link Corporation or its
subsidiaries. All other third-party marks mentioned herein may be trademarks of their respective owners.
Copyright © 2013. D-Link. All Rights Reserved.
References
Authors:
Patrick Cline - [email protected]
William Brown – [email protected]
Vendor Information
Please see DLINK-2013-VUL0213.
Enterasys Networks __ Affected
Notified: May 28, 2013 Updated: August 19, 2013
Status
Affected
Vendor Statement
Product Advisory Note - https://cp-enterasys.kb.net/article.aspx?article=15134&p=1
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Extreme Networks __ Affected
Notified: May 28, 2013 Updated: July 30, 2013
Status
Affected
Vendor Statement
Extreme networks’ EXOS implementation of OSPF is susceptible to the vulnerability reported in VU#229804.
This vulnerability will be fixed in future EXOS release.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
IBM Corporation __ Affected
Notified: May 28, 2013 Updated: August 05, 2013
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
IBM has provided updates for multiple products, please check the URLs below for details.
Vendor References
- <http://www-912.ibm.com/systems/electronic/support/s_dir/slkbase.nsf/docNumber/677961906>
- <http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716>
Juniper Networks, Inc. __ Affected
Notified: May 10, 2013 Updated: December 03, 2013
Status
Affected
Vendor Statement
LEGACY ADVISORY ID:
PSN-2013-08-987
PRODUCT AFFECTED:
All Juniper Networks platforms running Junos Operating System software, JunosE Operating System software, and ScreenOS software
PROBLEM:
A vulnerability has been discovered in the OSPF (Open Shortest Path First) protocol that allows a remote attacker to insert, update, or delete routes in the OSPF database. Juniper has worked to provide fixes for all supported code that is vulnerable to this issue.
The issue lies in the OSPF protocol (RFC 2328: <http://www.rfc-editor.org/rfc/rfc2328.txt>). OSPF does not specify that the ‘Link State ID’ and ‘Advertising Router’ fields need to match when a router receives an OSPF link-state advertisement (LSA). This limitation of the protocol specification would allow for an attacker to inject false routes into the OSPF database. This issue doesn’t exist if the OSPF configuration of a router is set to use MD5 Authentication, or if a filter is used to block external parties from sending OSPF link-state update (LSU) packets. This issue also does not apply to passive OSPF interfaces or interfaces that are not configured for OSPF.
This issue was discovered by an external security researcher.
No other Juniper Networks products or platforms are affected by this issue.
This issue has been assigned CVE-2013-0149.
SOLUTION:
Releases containing (or will contain) the fix specifically include: 13.1R3, 13.2X50-D10, 12.3R3, 12.2R5, 12.1R7, 12.1X45-D10, 12.1X44-D15, 11.4R8, 10.4R15, and all subsequent releases. In addition, all Junos OS software releases built on or after 2013-07-25 will also have fixed this specific issue.
Customers can confirm the build date of any Junos OS release by issuing the command ‘show version detail’.
All JunosE software releases built on or after 2013-07-25 have fixed this specific issue. Please contact JTAC to request a patch or hotfix for fixes on all other supported releases of code.
Software updates to ScreenOS have been released to resolve this issue. Releases containing the fix include ScreenOS 5.4.0r28a, 6.2.0r17a, and 6.3.0r14a.
This issue is being tracked as PR 878639 (Junos), CQ95773 (JunosE), and PR 895456 (ScreenOS).
KB16765 - “In which releases are vulnerabilities fixed?” describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.
WORKAROUND:
Juniper recommends that customers use MD5 authentication when configuring OSPF. MD5 authentication completely mitigates this issue as the router will not accept an LSA without the correct MD5 auth value.
It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters on physical interfaces (not loopback) to limit access to the router via OSPF unless necessary.
Customers can request a hotfix for this issue on JunosE may do so by contacting JTAC.
IMPLEMENTATION:
RELATED LINKS:
KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin Publication Process
KB16765: In which releases are vulnerabilities fixed?
KB16446: Common Vulnerability Scoring System (CVSS) and Juniper’s Security Advisories.
Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team
CVE-2013-0149
CVSS SCORE:
7.8 (AV:N/AC:M/Au:N/C:N/I:P/A:C)
RISK LEVEL:
High
RISK ASSESSMENT:
This issue could allow an remote attacker the ability to modify an OSPF database. For the issue to take place the attacker would need to have unfiltered access to an OSPF interface that is not using MD5 authentication. The attacker would be able to add routes, overwrite routes, and also clear the OSPF database. This attack could potentially allow an attacker to cause a denial of service or reroute traffic.
ACKNOWLEDGEMENTS:
Juniper SIRT would like to acknowledge and thank Gabi Nakibly for responsibly reporting this vulnerability to CERT/CC who coordinated the multi-vendor response.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
- [http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10582&cat=SIRT_1&actp= LIST](<http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10582&cat=SIRT_1&actp=
LIST>)
NEC Corporation __ Affected
Notified: May 28, 2013 Updated: September 10, 2013
Status
Affected
Vendor Statement
We provide information on this issue at the following URL: <http://jpn.nec.com/security-info/secinfo/nv13-006.html> (only in Japanese)
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Oracle Corporation __ Affected
Notified: May 28, 2013 Updated: October 16, 2013
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
Affected products include: Oracle Sun Blade 6000 10GBE switched NEM 1.2, Sun Network 10GBE Switch 72P 1.2, Oracle Switch ES1-24 1.3. A patch is available at the following link.
Vendor References
Vyatta __ Affected
Notified: May 10, 2013 Updated: August 05, 2013
Status
Affected
Vendor Statement
TECHNICAL SUPPORT BULLETIN
July 25, 2013
TSB 2013-165- A SEVERITY: Low – Informational
PRODUCTS AFFECTED:
Brocade MLX Series running NetIron SW
Brocade NetIron XMR Series running NetIron SW
Brocade NetIron CER Series running NetIron SW
Brocade NetIron CES Series running NetIron SW
Brocade VDX Series running Network OS 3.x and later SW
Brocade FastIron Series running FastIron SW
Brocade ICX Series running FastIron SW
Brocade TurboIron Series running FastIron or TurboIron SW
Brocade BigIron RX Series running BigIron RX SW
Brocade ADX Series and JetCore Series running ServerIron SW
Brocade Vyatta vRouter
CORRECTED IN RELEASE:
See list of releases below.
BULLETIN OVERVIEW
A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
vulnerability has a CVSS score of 9.3 and is documented in the National Vulnerability Database as
CVE-2013-0149. See <http://nvd.nist.gov/home.cfm> for details.
Brocade produces and publishes Technical Support Bulletins to OEMs, partners and customers that
have a direct, entitled, support relationship in place with Brocade
Please contact your primary service provider for further information regarding this topic and
applicability for your environment.
PROBLEM STATEMENT
A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
vulnerability requires that the attacker already controls a router within the AS.
RISK ASSESSMENT
The listed products are exposed to this vulnerability in the OSPF protocol, where the attacker already
has control of a router in the AS. This vulnerability has a CVSS score of 9.3.
SYMPTOMS
An attacker who has gained control of a router within a given AS can arbitrarily poison the routing
tables of all other routers in the AS. This can facilitate traffic subversion, black hole, etc.
The attacker can cause attacks through a crafted illegal OSPF router LSA (type-1); where the link state
ID & router ID in the LSA is not same; leading to corruption of routing table in the routers.
The crafted Router LSA must come from a source IP of an OSPF peer; in other words, spoofing a
legitimate OSPF peer. OR the router LSA is sent in the interface where an OSPF peer is existing
already.
WORKAROUND
There is no workaround. However if users can physically secure their network/routers, the chance of
this attack is quite low.
The recommendations are:
a) Physically secure the access to network routers, and links between routers.
b) Only allow passive OSPF protocols on interfaces with user/host connections, (i.e. leaf
interfaces).
c) Enable OSPF MD5 authentication
This is not considered completely secure, but it should make the attack more difficult.
CORRECTIVE ACTION
See <http://My.Brocade.com> for the appropriate SW release(s) as listed below, please contact your
account team or Brocade Support if you have further questions.
Affected Products:
Brocade MLX Series
Brocade NetIron XMR Series
Brocade NetIron CER Series
Brocade NetIron CES Series
SW Releases with problem resolved
NetIron 05.2.00k and later
NetIron 05.3.00f and later
NetIron 05.4.00e and later
NetIron 05.5.00d and later
Reference Defect ID: 468326
Affected Products:
Brocade VDX Series
SW Releases with problem resolved
Network OS 3.0.1c and later
Network OS 4.0.0a and later
Reference Defect ID: 466022
Affected Products:
Brocade FastIron Series
Brocade ICX Series
Brocade TurboIron Series
SW Releases with problem resolved
FastIron 7.2.02k and later
FastIron 7.3.00g and later
FastIron 07.4.00d and later
FastIron 08.0.00b and later
Reference Defect ID: 466801
Affected Products:
Brocade BigIron RX Series
SW Releases with problem resolved
BigIron RX 2.7.02p and later
BigIron RX 02.8.00f and later
BigIron RX 02.9.00c and later
Reference Defect ID: 468497
Affected Products:
Brocade ADX Series and JetCore Series
SW Releases with problem resolved
ServerIron JetCore 10.2.02d
ServerIron JetCore 11.0.00k
ServerIron ADX 12.3.01k
ServerIron ADX 12.4.00k
ServerIron ADX 12.5.01a
Reference Defect ID (ADX): 469347
Reference Defect ID (JetCore): 111372
Affected Products:
Brocade Vyatta vRouter
For customers running on Amazon Web
Services this problem has been resolved.
SW Releases with problem resolved
Brocade Vyatta vRouter 6.6R1
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Yamaha Corporation __ Affected
Notified: May 28, 2013 Updated: August 05, 2013
Status
Affected
Vendor Statement
Yamaha corporation provides information on this issue at the following URL. (Japanese only)
<http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU96465452.html>
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
ACME Packet Not Affected
Notified: May 28, 2013 Updated: July 18, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Buffalo Inc Not Affected
Notified: May 30, 2013 Updated: September 12, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Fortinet, Inc. Not Affected
Notified: May 28, 2013 Updated: August 19, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
FreeBSD Project Not Affected
Notified: May 28, 2013 Updated: July 18, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Global Technology Associates, Inc. __ Not Affected
Notified: May 28, 2013 Updated: July 30, 2013
Statement Date: July 30, 2013
Status
Not Affected
Vendor Statement
GTA’s GB-OS based firewalls are not affected by this (VU#229804
- OSPF) vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Hitachi __ Not Affected
Notified: May 28, 2013 Updated: July 31, 2013
Status
Not Affected
Vendor Statement
`Hitachi Information for VU#229804
AlaxalA AX series
(AX8600R/AX6000S/AX3800S/AX3600S/AX2500S/AX2200S/AX1200S/AX7800S/AX7800R)
are not vulnerable to this issue.`
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Huawei Technologies __ Not Affected
Notified: May 10, 2013 Updated: August 22, 2013
Status
Not Affected
Vendor Statement
Huawei network devices are not affected by this (VU#229804- OSPF)
vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Intel Corporation Not Affected
Notified: May 22, 2013 Updated: July 18, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
McAfee Not Affected
Notified: May 28, 2013 Updated: October 16, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Palo Alto Networks Not Affected
Notified: May 28, 2013 Updated: July 18, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Quagga __ Not Affected
Notified: May 23, 2013 Updated: August 05, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
Quagga is not affected by this vulnerability but the vendor has provided a patch to prevent rebroadcasting of malformed LSAs.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23229804 Feedback>).
VMware Not Affected
Notified: May 28, 2013 Updated: July 18, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Watchguard Technologies, Inc. Not Affected
Notified: May 28, 2013 Updated: August 06, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
eSoft, Inc. Not Affected
Notified: May 28, 2013 Updated: July 30, 2013
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
ACCESS Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
AT&T Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Alcatel-Lucent Unknown
Notified: May 10, 2013 Updated: May 10, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Apple Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Avaya, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Barracuda Networks Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Belkin, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Blue Coat Systems Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Borderware Technologies Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
CA Technologies Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Charlotte’s Web Networks Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Computer Emergency Response Team Australia Unknown
Notified: May 30, 2013 Updated: May 30, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Conectiva Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Cray Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Debian GNU/Linux Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Dell Computer Corporation, Inc. Unknown
Notified: May 10, 2013 Updated: May 10, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
DragonFly BSD Project Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
EMC Corporation Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Engarde Secure Linux Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Ericsson Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
F5 Networks, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Fedora Project Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Force10 Networks, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Fujitsu Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Gentoo Linux Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Google Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Hewlett-Packard Company Unknown
Notified: May 10, 2013 Updated: May 10, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
IBM Corporation (zseries) Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
IBM eServer Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
IP Infusion, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Infoblox Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Internet Security Systems, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Intoto Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Mandriva S. A. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Mellanox Technologies Unknown
Notified: July 10, 2013 Updated: July 10, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Microsoft Corporation Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
MontaVista Software, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
NetApp Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
NetBSD Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Nokia Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Nortel Networks, Inc. Unknown
Notified: May 10, 2013 Updated: May 10, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Novell, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
OpenBSD Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Openwall GNU/*/Linux Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Peplink Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Process Software Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Q1 Labs Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
QLogic Unknown
Notified: July 17, 2013 Updated: July 17, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
QNX Software Systems Inc. Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Red Hat, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
SUSE Linux Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
SafeNet Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Secureworx, Inc. Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Silicon Graphics, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Slackware Linux Inc. Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
SmoothWall Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Snort Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Sony Corporation Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Sourcefire Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Stonesoft Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Symantec Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
The SCO Group Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
TippingPoint Technologies Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Turbolinux Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Ubuntu Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Unisys Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Wind River Systems, Inc. Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Windstream Unknown
Notified: July 29, 2013 Updated: July 29, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
ZyXEL Unknown
Notified: June 06, 2013 Updated: June 06, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
m0n0wall Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
netfilter Unknown
Notified: May 28, 2013 Updated: May 28, 2013
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
View all 97 vendors __View less vendors __
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |
| Temporal | 4.2 | E:POC/RL:OF/RC:C |
| Environmental | 5.1 | CDP:MH/TD:M/CR:ND/IR:ND/AR:H |
References
Acknowledgements
Thanks to Dr. Gabi Nakibly for reporting this vulnerability.
This document was written by Chris King.
Other Information
| CVE IDs: | CVE-2013-0149 |
|---|---|
| Date Public: | 2013-08-01 Date First Published: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
EPSS
Percentile
55.4%