VID 29043
Severity 40
Port 161
Protocol UDP
Class CISCO
Detailed Description Cisco IOS has an OSPF neighbor packet buffer overflow vulnerability (Cisco Bug ID CSCdp58462). This vulnerability arises when a remote attacker sends a flood of Open Shortest Path First (OSPF) neighbor packets. By sending 255 or more OSPF neighbor packets to an affected router, a remote attacker could overflow a buffer and execute malicious instructions on a device running a vulnerable version of the software.

* Note: This check relies solely on the version number of the remote system to assess this vulnerability, so it may produce a false positive. It also requires an SNMP community string with read access to collect the version number. To provide this access, add the valid community string to the check item "snmp/guessable/r" in the Policy Editor.

* References:
http://www.securityfocus.com/archive/1/312510
http://www.securityfocus.com/archive/1/312802
http://www.cisco.com/warp/public/707/cisco-sn-20030221-ospf.shtml
http://archives.neohapsis.com/archives/bugtraq/2003-02/0239.html
http://www.phenoelit.de/stuff/19C3.pdf
http://archives.neohapsis.com/archives/bugtraq/2003-02/0267.html

* Platforms Affected:
Cisco IOS 11.2.x to 12.0.x
Recommendation Upgrade to one of the fixed versions of Cisco IOS, as listed below. Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com/tacpage/sw-center/ .
12.0(19)S or later
12.0(19)ST or later
12.1(1) or later
12.1(1)DB or later
12.1(1)DC or later
12.1(1)T or later
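
The version-only decision described in the note, applied to the affected range and fixed releases listed above, as an added example (not the scanner's own check code). The sysDescr strings are constructed, and treating every 12.0 train other than S and ST as unfixed is an assumption drawn from the list on this page.

```python
import re

# First fixed maintenance number per 12.0 train, taken from the list on this page.
FIXED_12_0 = {"S": 19, "ST": 19}

# IOS version as it appears in sysDescr, e.g. "Version 12.0(5)T1" or "Version 11.2(8a)".
_VERSION = re.compile(r"Version (\d+)\.(\d+)\((\d+)[a-z]?\)([A-Z]*)")


def parse_ios_version(sys_descr):
    """Return (major, minor, maintenance, train), or None if no IOS version is present."""
    m = _VERSION.search(sys_descr)
    if not m:
        return None
    major, minor, maint, train = m.groups()
    return int(major), int(minor), int(maint), train


def assess(sys_descr):
    """Classify a device from its version string alone, as a version-based check does."""
    parsed = parse_ios_version(sys_descr)
    if parsed is None:
        return "unknown"
    major, minor, maint, train = parsed
    if (major, minor) < (11, 2):
        return "outside-listed-range"      # page lists 11.2.x to 12.0.x as affected
    if (major, minor) >= (12, 1):
        return "fixed"                     # 12.1(1) and its trains are listed as fixed
    if (major, minor) == (12, 0) and maint >= FIXED_12_0.get(train, float("inf")):
        return "fixed"                     # 12.0(19)S / 12.0(19)ST or later
    # Version matches only; the result is a candidate finding, not a confirmation.
    return "potentially-vulnerable"


# Constructed sysDescr values (the text an SNMP read of sysDescr.0 would return).
SAMPLES = [
    "IOS (tm) 2500 Software (C2500-I-L), Version 12.0(5)T1, RELEASE SOFTWARE (fc1)",
    "IOS (tm) GS Software (GSR-P-M), Version 12.0(21)S, RELEASE SOFTWARE (fc1)",
    "IOS (tm) 3600 Software (C3640-I-M), Version 11.2(8a), RELEASE SOFTWARE (fc1)",
]

if __name__ == "__main__":
    for descr in SAMPLES:
        print(assess(descr), "<-", descr)
```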

Workarounds:
One workaround for this issue is to configure OSPF MD5 authentication. This may be done per interface or per area. For more information, refer to documentation on configuring MD5 authentication at http://www.cisco.com/warp/public/104/25.shtml#4 .

Another possible workaround is to apply inbound access lists to explicitly allow certain OSPF neighbors only, as demonstrated below:

access-list 100 permit ospf host a.b.c.x host 224.0.0.5
access-list 100 permit ospf host a.b.c.x host interface_ip
access-list 100 permit ospf host a.b.c.y host 224.0.0.5
access-list 100 permit ospf host a.b.c.y host interface_ip
access-list 100 permit ospf host a.b.c.z host 224.0.0.5
access-list 100 permit ospf host a.b.c.z host interface_ip
access-list 100 permit ospf any host 224.0.0.6
access-list 100 deny ospf any any
access-list 100 permit ip any any
Related URL CVE-2003-0100 (CVE)
Related URL 6895 (SecurityFocus)
Related URL 11373 (ISS)