Vulnerability Development mailing list archives

Re: Fwd: Cisco AS5350 IOS 12.3(1a) OSPF bug?

From: Ilker Temir <itemir () cisco com>
Date: Fri, 31 Oct 2003 17:34:35 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This e-mail is in response to the e-mail posted by 3APA3A to
vuln-dev () securityfocus com. The original message can be found at
http://www.securityfocus.com/archive/82/342903/2003-10-27/2003-11-02/0

Hello 3APA3A,

OSPF is enabled on an interface if the IP address of that interface is
covered by the network command. OSPF hello packets are sent on all OSPF
enabled interfaces unless they are defined as passive. This also applies
to the interfaces that are configured as unnumbered interfaces.

Therefore the behavior you observed in 12.3(1a) is expected.

The interfaces that are defined as unnumbered were excluded from the
OSPF process in older implementations of IOS. This behavior is changed
by the Cisco Bug ID CSCds04548 (OSPF does not work with unnumbered
interfaces).

Regards,

Ilker

3APA3A wrote:
| From: 3APA3A <3APA3A () SECURITY NNOV RU>
| To: vuln-dev () securityfocus com <vuln-dev () securityfocus com>
| Date: Wednesday, October 29, 2003, 8:50:31 PM
| Subject: Cisco AS5350 IOS 12.3(1a) OSPF bug?
|
| ===8<==============Original message text===============
| Dear vuln-dev,
|
|   There is a bug in Cisco IOS, _may be_ with security impact of changing
|   OSPF routing table from untrusted connection.
|
|   If OSPF is enabled with configuration like
|
| router ospf 1
|  log-adjacency-changes
|  redistribute connected subnets route-map ospf
|  redistribute static subnets route-map ospf
|  network 192.168.100.0 0.0.1.255 area 1
|
|   OSPF  is propagated via multicast (OSPF HELO is active) to _all_ peers
|   _regardless_ of address (including all async dialup connections).
|
|   Because  I  have  access  to only one router in this configuration and
|   it's  in  production  environment  I  was  not  able  to check if it's
|   possible to negotiate OSPF and change route table from async interface
|   or not.
|
|  passive-interface Group-Async0
|
|   fixes the problem.
|
|   Tested with Cisco AS5350 flash image c5350-is-mz.123-1a.bin
|
|   12.2(3) is not vulnerable.
|
|   Can somebody reproduce/confirm this problem and check if it's possible
|   to set OSPF connection?
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/oo8b8/wE0ppYtwURAn4ZAJ9LV9puW2Mfj1KI5z2WOxlKCxmRigCguGbv
Gz53InxHugusQL6djRa3S4Y=
=2YMv
-----END PGP SIGNATURE-----

Current thread:

Cisco AS5350 IOS 12.3(1a) OSPF bug? 3APA3A (Oct 30)
- Message not available
  - Re: Fwd: Cisco AS5350 IOS 12.3(1a) OSPF bug? Ilker Temir (Oct 31)