CVE-2013-0149

Published: 01 Aug 2013
Source: redhat
CVSS2: 4.3

Description

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.

Report

Not vulnerable. This issue did not affect the versions of quagga as shipped with Red Hat Enterprise Linux 5 and 6, since the OSPF protocol implementation in Quagga performs LSA id lookup based on two identifiers - (Router-ID, LS-ID) pair.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | quagga | Not affected | | |
| Red Hat Enterprise Linux 6 | quagga | Not affected | | |
| Red Hat Enterprise Linux 7 | quagga | Not affected | | |

Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=991457 (ospfd): Possibility to use invalid / duplicate LSA information (VU#229804)

4.3 Medium

CVSS2

Related vulnerabilities

nvd
almost 12 years ago

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.

debian
almost 12 years ago

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 throug ...

github
about 3 years ago

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.

fstec
almost 12 years ago

Vulnerability in the Cisco IOS operating system that allows an attacker to cause a denial of service