Vulnerability Development mailing list archives
Cisco AS5350 IOS 12.3(1a) OSPF bug?
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 29 Oct 2003 20:50:31 +0300
Dear vuln-dev, There is a bug in Cisco IOS, _may be_ with security impact of changing OSPF routing table from untrusted connection. If OSPF is enabled with configuration like router ospf 1 log-adjacency-changes redistribute connected subnets route-map ospf redistribute static subnets route-map ospf network 192.168.100.0 0.0.1.255 area 1 OSPF is propagated via multicast (OSPF HELO is active) to _all_ peers _regardless_ of address (including all async dialup connections). Because I have access to only one router in this configuration and it's in production environment I was not able to check if it's possible to negotiate OSPF and change route table from async interface or not. passive-interface Group-Async0 fixes the problem. Tested with Cisco AS5350 flash image c5350-is-mz.123-1a.bin 12.2(3) is not vulnerable. Can somebody reproduce/confirm this problem and check if it's possible to set OSPF connection? -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles) +-------------o66o--+ / |/
Current thread:
- Cisco AS5350 IOS 12.3(1a) OSPF bug? 3APA3A (Oct 30)
- Message not available
- Re: Fwd: Cisco AS5350 IOS 12.3(1a) OSPF bug? Ilker Temir (Oct 31)
- Message not available