Vyatta Information for VU#229804

Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers

Status

Affected

Vendor Statement

TECHNICAL SUPPORT BULLETIN

    July 25, 2013

    TSB 2013-165-A    SEVERITY: Low – Informational

    PRODUCTS AFFECTED:
    Brocade MLX Series running NetIron SW
    Brocade NetIron XMR Series running NetIron SW
    Brocade NetIron CER Series running NetIron SW
    Brocade NetIron CES Series running NetIron SW
    Brocade VDX Series running Network OS 3.x and later SW
    Brocade FastIron Series running FastIron SW
    Brocade ICX Series running FastIron SW
    Brocade TurboIron Series running FastIron or TurboIron SW
    Brocade BigIron RX Series running BigIron RX SW
    Brocade ADX Series and JetCore Series running ServerIron SW
    Brocade Vyatta vRouter
    CORRECTED IN RELEASE:
    See list of releases below.

    BULLETIN OVERVIEW
    A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
    vulnerability has a CVSS score of 9.3 and is documented in the National Vulnerability Database as
    CVE-2013-0149. See http://nvd.nist.gov/home.cfm for details.

    Brocade produces and publishes Technical Support Bulletins to OEMs, partners and customers that
    have a direct, entitled support relationship in place with Brocade.

    Please contact your primary service provider for further information regarding this topic and
    applicability for your environment.

    PROBLEM STATEMENT
    A security vulnerability, US-CERT Ref VU#229804, has been identified in the OSPF protocol. This
    vulnerability requires that the attacker already controls a router within the AS.

    RISK ASSESSMENT
    The listed products are exposed to this vulnerability in the OSPF protocol, where the attacker already
    has control of a router in the AS. This vulnerability has a CVSS score of 9.3.

    SYMPTOMS
    An attacker who has gained control of a router within a given AS can arbitrarily poison the routing
    tables of all other routers in the AS. This can facilitate traffic subversion, black hole, etc.
    The attacker can carry out attacks through a crafted, illegal OSPF Router LSA (type-1) in which the Link State
    ID and the Router ID in the LSA are not the same, leading to corruption of the routing table in the routers.
    The crafted Router LSA must come from the source IP of an OSPF peer (in other words, spoofing a
    legitimate OSPF peer), or the Router LSA must be sent on an interface where an OSPF peer already
    exists.

    WORKAROUND
    There is no workaround. However, if users can physically secure their network/routers, the chance of
    this attack is quite low.
    The recommendations are:
    a) Physically secure the access to network routers, and links between routers.
    b) Only allow passive OSPF protocols on interfaces with user/host connections, (i.e. leaf
    interfaces).
    c) Enable OSPF MD5 authentication.
    This is not considered completely secure, but it should make the attack more difficult.

    CORRECTIVE ACTION
    See http://My.Brocade.com for the appropriate SW release(s) as listed below. Please contact your
    account team or Brocade Support if you have further questions.

    Affected Products:
     - Brocade MLX Series
     - Brocade NetIron XMR Series
     - Brocade NetIron CER Series
     - Brocade NetIron CES Series

    SW Releases with problem resolved
     - NetIron 05.2.00k and later
     - NetIron 05.3.00f and later
     - NetIron 05.4.00e and later
     - NetIron 05.5.00d and later
    Reference Defect ID: 468326

    Affected Products:
     - Brocade VDX Series

    SW Releases with problem resolved
     - Network OS 3.0.1c and later
     - Network OS 4.0.0a and later
    Reference Defect ID: 466022

    Affected Products:
     - Brocade FastIron Series
     - Brocade ICX Series
     - Brocade TurboIron Series

    SW Releases with problem resolved
     - FastIron 7.2.02k and later
     - FastIron 7.3.00g and later
     - FastIron 07.4.00d and later
     - FastIron 08.0.00b and later
    Reference Defect ID: 466801

    Affected Products:
     - Brocade BigIron RX Series

    SW Releases with problem resolved
     - BigIron RX 2.7.02p and later
     - BigIron RX 02.8.00f and later
     - BigIron RX 02.9.00c and later
    Reference Defect ID: 468497

    Affected Products:
     - Brocade ADX Series and JetCore Series

    SW Releases with problem resolved
     - ServerIron JetCore 10.2.02d
     - ServerIron JetCore 11.0.00k
     - ServerIron ADX 12.3.01k
     - ServerIron ADX 12.4.00k
     - ServerIron ADX 12.5.01a
    Reference Defect ID (ADX): 469347
    Reference Defect ID (JetCore): 111372

    Affected Products:
     - Brocade Vyatta vRouter

    For customers running on Amazon Web Services this problem has been resolved.
    SW Releases with problem resolved
     - Brocade Vyatta vRouter 6.6R1
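The SYMPTOMS section above describes the condition a receiving router should reject: a type-1 Router LSA whose Link State ID does not equal its Advertising Router (RFC 2328 requires the two to be identical for Router LSAs). The following Python is an added example, not code from Brocade or CERT, that parses an OSPFv2 LS Update and flags such LSAs, the kind of check a packet-capture monitor or a router's LSA validation path can apply; the packet bytes are a constructed sample with zeroed checksums and authentication, and all function names are the example's own.

```python
import struct
from ipaddress import IPv4Address

# OSPFv2 header: version, type, length, router id, area id, checksum, autype, auth (24 bytes)
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
# LSA header: age, options, ls type, link state id, advertising router, seq, checksum, length (20 bytes)
LSA_HDR = struct.Struct("!HBB4s4sIHH")
LS_UPDATE = 4   # OSPF packet type for Link State Update
ROUTER_LSA = 1  # LS type for a Router LSA (type-1)

def lsa_headers(pkt: bytes):
    """Yield (ls_type, link_state_id, advertising_router) for each LSA in an LS Update."""
    ver, ptype, _plen, _rid, _area, _csum, _auth_type, _auth = OSPF_HDR.unpack_from(pkt, 0)
    if ver != 2 or ptype != LS_UPDATE:
        return
    (count,) = struct.unpack_from("!I", pkt, OSPF_HDR.size)
    off = OSPF_HDR.size + 4
    for _ in range(count):
        _age, _opts, ls_type, ls_id, adv, _seq, _lcsum, length = LSA_HDR.unpack_from(pkt, off)
        yield ls_type, IPv4Address(ls_id), IPv4Address(adv)
        off += length  # the LSA length field covers header plus body

def find_mismatched_router_lsas(pkt: bytes):
    """Return [(link_state_id, advertising_router)] for type-1 LSAs whose identifiers disagree.
    A well-formed Router LSA always carries its originator's Router ID in both fields, so any
    hit here is the illegal LSA the bulletin describes and should be dropped and logged."""
    return [(str(ls_id), str(adv)) for t, ls_id, adv in lsa_headers(pkt)
            if t == ROUTER_LSA and ls_id != adv]

def constructed_ls_update(lsas):
    """Test fixture only: a minimal LS Update of Router LSAs with no links, zero checksums
    and null authentication, which no real router would accept as-is."""
    body = struct.pack("!I", len(lsas))
    for ls_id, adv in lsas:
        lsa_body = struct.pack("!BBH", 0, 0, 0)  # flags, reserved, number of links = 0
        body += LSA_HDR.pack(1, 0x02, ROUTER_LSA, IPv4Address(ls_id).packed,
                             IPv4Address(adv).packed, 0x80000001, 0,
                             LSA_HDR.size + len(lsa_body)) + lsa_body
    hdr = OSPF_HDR.pack(2, LS_UPDATE, OSPF_HDR.size + len(body),
                        IPv4Address("10.0.0.2").packed, b"\0" * 4, 0, 0, b"\0" * 8)
    return hdr + body

# Constructed sample: one legitimate Router LSA from 10.0.0.2, then one whose Link State ID
# (10.0.0.9) does not match the Advertising Router (10.0.0.2).
SAMPLE = constructed_ls_update([("10.0.0.2", "10.0.0.2"), ("10.0.0.9", "10.0.0.2")])
```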

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Vendor References

    None

    Addendum

    There are no additional comments at this time.
