The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer weakness note CVE-2013-0149

OSPF: corrupting the routing database

Synthesis of the vulnerability

An attacker can spoof OSPF messages, in order to corrupt the routing database.
Severity of this computer vulnerability: 3/4.
Creation date: 02/08/2013.
Revisions dates: 01/08/2014, 14/02/2017.
Références of this announce: BID-61566, c03880910, CERTA-2013-AVI-458, CERTA-2013-AVI-487, CERTA-2013-AVI-508, cisco-sa-20130801-lsaospf, CQ95773, CSCug34469, CSCug34485, CSCug39762, CSCug39795, CSCug63304, CVE-2013-0149, HPSBHF02912, JSA10575, JSA10580, JSA10582, PR 878639, PR 895456, sk94490, SUSE-SU-2014:0879-1, VIGILANCE-VUL-13192, VU#229804.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The RFC 2328 defines the OSPF protocol (Open Shortest Path First) which established IP routes, using LSA (Link State Advertisement) messages.

The LSA Type 1 Update (LSU, Link-State Update) message is used to update the routing database. However, the RFC does not request to check the "Link State ID" and "Advertising Router" fields of LSU messages. Several implementations (Cisco, Juniper, etc.) therefore do not perform this check.

An attacker can thus spoof a LSU message if he knows:
 - the IP address of the target router
 - LSA DB sequence numbers
 - the router ID of the OSPF Designated Router

An attacker can therefore spoof OSPF messages, in order to corrupt the routing database.
Full Vigil@nce bulletin... (Free trial)

This security bulletin impacts software or systems such as CheckPoint IP Appliance, IPSO, CheckPoint Security Gateway, Cisco ASR, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Router, ProCurve Switch, HP Switch, Juniper E-Series, Juniper J-Series, JUNOSe, Junos OS, NetScreen Firewall, ScreenOS, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this cybersecurity announce is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this vulnerability alert.

Solutions for this threat

Cisco IOS: fixed versions for OSPF.
Fixed versions are indicated in information sources.

Cisco IOS-XE: fixed versions for OSPF.
Fixed versions are indicated in information sources.

Cisco ASA, PIX: fixed versions for OSPF.
Fixed versions are indicated in information sources.

Cisco FWSM: fixed versions for OSPF.
Fixed versions are indicated in information sources.

Cisco NX-OS: fixed versions for OSPF.
Fixed versions are indicated in information sources.

Cisco ASR 5000 StarOS: version 14.0.50488.
The version 14.0.50488 is fixed:
  https://tvce.cisco.com/security/AIMS/SecurityPublicationDetail.aspx?Mode=Edit&ID=34418&Version=1&Revision=3#fixes

Juniper Junos: version 13.1R3.
The version 13.1R3 is fixed.

Juniper Junos: version 13.2X50-D10.
The version 13.2X50-D10 is fixed.

Juniper Junos: version 12.3R3.
The version 12.3R3 is fixed:
  http://www.juniper.net/

Juniper Junos: version 12.2R5.
The version 12.2R5 is fixed.

Juniper Junos: version 12.1R7.
The version 12.1R7 is fixed:
  http://www.juniper.net/

Juniper Junos: version 12.1X45-D10.
The version 12.1X45-D10 is fixed:
  http://www.juniper.net/

Juniper Junos: version 12.1X44-D15.
The version 12.1X44-D15 is fixed:
  http://www.juniper.net/

Juniper Junos: version 11.4R8.
The version 11.4R8 is fixed:
  http://www.juniper.net/

Juniper Junos: version 10.4R15.
The version 10.4R15 is fixed:
  http://www.juniper.net/

Juniper JunosE: fixed versions for OSPF.
Fixed versions are available from JTAC.

ScreenOS: version 6.3.0r14a.
The version 6.3.0r14a is fixed.

ScreenOS: version 6.2.0r17a.
The version 6.2.0r17a is fixed.

ScreenOS: version 5.4.0r28a.
The version 5.4.0r28a is fixed.

Check Point: hotfix for OSPF.
A hotfix is available in information sources.

HP Switch: fixed versions for OSPF.
Fixed versions are indicated in information sources.

SUSE LE: new quagga packages.
New packages are available:
  SUSE LE 11: quagga 0.99.15-0.14.11
  SUSE LE 10: quagga 0.99.9-14.17.12
  SUSE LE 10: quagga 0.99.9-14.17.12
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a systems vulnerabilities workaround. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.