Cisco ONS 15000 Series Malformed OSPF Packet DoS

2006-04-05T03:17:42
ID OSVDB:24437
Type osvdb
Reporter OSVDB
Modified 2006-04-05T03:17:42

Description

Vulnerability Description

Cisco ONS 15000 platforms contain a flaw that may allow a remote denial of service against the device's control cards. The issue is triggered when specially crafted OSPF packets are sent to control cards. This issue is present for unicast packets as well as multicast packets. This can result in a reset of the control cards on the platform, leading to a loss of availability.

Technical Description

This vulnerability only applies when OSPF is configured on the LAN interface. This is not the default setting.

Solution Description

Upgrade to the software versions released and detailed by the vendor, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Cisco ONS 15000 platforms contain a flaw that may allow a remote denial of service against the device's control cards. The issue is triggered when specially crafted OSPF packets are sent to control cards. This issue is present for unicast packets as well as multicast packets. This can result in a reset of the control cards on the platform, leading to a loss of availability.

References:

Security Tracker: 1015872 Secunia Advisory ID:19553 Related OSVDB ID: 24438 Related OSVDB ID: 24436 Related OSVDB ID: 24434 Related OSVDB ID: 24435 Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0116.html Keyword: CSCsc54558 CVE-2006-1671