Redhat.comRH:CVE-2017-3224CVE-2017-3224
8.2 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:N/I:P/A:P
A vulnerability was discovered in several OSPF implementations, including Quagga. A malicious OSPF peer, or an attacker able to spoof messages from an OSPF peer, could send a crafted message that would result in erasure or alteration of the routing table, resulting in denial of service or incorrect routing of traffic.
Mitigation
It is strongly recommended to configure Quagga to require authentication from OSPF peers (eg ip ospf authentication message-digest ). Message digest authentication effectively prevents even a man-in-the-middle attacker from exploiting this vulnerability or otherwise interfering with the routing table, as any message without a proper cryptographic signature will be rejected.
Related
8.2 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:N/I:P/A:P