SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#989406

Cisco IOS fails to properly handle malformed OSPF packets

Overview

A denial-of-service vulnerability exists in Cisco's Internetwork Operating System (IOS). This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device.

I. Description

Open Shortest Path First (OSPF) is a routing protocol that provides a means for distributing routing information between routers. The Cisco Internetwork Operating System (IOS) implementation of OSPF contains a vulnerability that allows malformed OSPF packets to cause an affected router to reload. Such packets can be sent by an unauthenticated remote attacker and will result in a denial-of-service condition.

II. Impact

By sending a specially crafted OSPF packet to an affected device, a remote, unauthenticated attacker could cause the device to reload. Repeated exploitation of this vulnerability could result in a denial-of-service condition. In order to exploit this vulnerability, an attacker would need to know several parameters. These parameters include the OSPF area number, netmask, hello, and dead timers, which are configured on the affected device.

III. Solution

Apply a patch

Please refer to the "Software Versions and Fixes" section of the Cisco Advisory for more information on upgrading.

Use OSPF authentication

Cisco recommends using OSPF authentication to mitigate against this vulnerability. Quoting from Cisco's Advisory,

    OSPF authentication may be used as a workaround. OSPF packets without a valid key will not be processed. MD5 authentication is highly recommended, due to inherent weaknesses in plain text authentication. With plain text authentication, the authentication key will be sent unencrypted over the network, which can allow an attacker on a local network segment to capture the key by sniffing packets.
For more information on OSPF authentication, please see http://www.cisco.com/warp/public/104/25.shtml.

Restrict access

Use Access Control Lists (ACLs) to block or restrict access to affected devices from untrusted networks. For information on implementing ACLs, please see Cisco's white paper "Protecting Your Core: Infrastructure Protection Access Control Lists".

Systems Affected
VendorStatusDate NotifiedDate Updated
Cisco Systems Inc.Vulnerable19-Aug-2004

References

http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml
http://www.cisco.com/warp/public/104/25.shtml
http://www.cisco.com/warp/public/707/iacl.html
http://www.cisco.com/warp/public/732/ciscoios.html
http://www.ietf.org/rfc/rfc2328.txt?number=2328
http://www.securitytracker.com/alerts/2004/Aug/1010981.html
http://secunia.com/advisories/12322/
http://www.securiteam.com/securitynews/5AP0B2KDPI.html

Credit

This vulnerability was reported by the Cisco Systems Product Security Incident Response Team (PSIRT).

This document was written by Damon Morda.

Other Information

Date Public:2004-08-18
Date First Published:2004-08-19
Date Last Updated:2004-08-19
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Severity Metric:12.50
Document Revision:23

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader