Vulnerability Development mailing list archives
Re: Fwd: Cisco AS5350 IOS 12.3(1a) OSPF bug?
From: Ilker Temir <itemir () cisco com>
Date: Fri, 31 Oct 2003 17:34:35 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This e-mail is in response to the e-mail posted by 3APA3A to
vuln-dev () securityfocus com. The original message can be found at
http://www.securityfocus.com/archive/82/342903/2003-10-27/2003-11-02/0

Hello 3APA3A,

OSPF is enabled on an interface if the IP address of that interface is
covered by the network command. OSPF hello packets are sent on all OSPF
enabled interfaces unless they are defined as passive. This also applies
to the interfaces that are configured as unnumbered interfaces.
Therefore the behavior you observed in 12.3(1a) is expected.

The interfaces that are defined as unnumbered were excluded from the
OSPF process in older implementations of IOS. This behavior is changed
by the Cisco Bug ID CSCds04548 (OSPF does not work with unnumbered
interfaces).

Regards,
Ilker

3APA3A wrote:
| From: 3APA3A <3APA3A () SECURITY NNOV RU>
| To: vuln-dev () securityfocus com <vuln-dev () securityfocus com>
| Date: Wednesday, October 29, 2003, 8:50:31 PM
| Subject: Cisco AS5350 IOS 12.3(1a) OSPF bug?
|
| ===8<==============Original message text===============
| Dear vuln-dev,
|
| There is a bug in Cisco IOS, _may be_ with security impact of changing
| OSPF routing table from untrusted connection.
|
| If OSPF is enabled with configuration like
|
| router ospf 1
|  log-adjacency-changes
|  redistribute connected subnets route-map ospf
|  redistribute static subnets route-map ospf
|  network 192.168.100.0 0.0.1.255 area 1
|
| OSPF is propagated via multicast (OSPF HELO is active) to _all_ peers
| _regardless_ of address (including all async dialup connections).
|
| Because I have access to only one router in this configuration and
| it's in production environment I was not able to check if it's
| possible to negotiate OSPF and change route table from async interface
| or not.
|
| passive-interface Group-Async0
|
| fixes the problem.
|
| Tested with Cisco AS5350 flash image c5350-is-mz.123-1a.bin
|
| 12.2(3) is not vulnerable.
|
| Can somebody reproduce/confirm this problem and check if it's possible
| to set OSPF connection?
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/oo8b8/wE0ppYtwURAn4ZAJ9LV9puW2Mfj1KI5z2WOxlKCxmRigCguGbv
Gz53InxHugusQL6djRa3S4Y=
=2YMv
-----END PGP SIGNATURE-----
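Added example, not part of the original thread and not Cisco code: a small Python audit that applies the rule described in the reply above (an interface runs OSPF when its address is covered by a `network` statement and it is not passive) to a configuration text. The sample configuration and the function name are constructed for illustration, and the parser assumes an unnumbered interface is matched using the address of the interface it borrows from.

```python
import ipaddress

# Constructed sample configuration (not taken from the router in the thread).
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.100.1 255.255.255.0
interface FastEthernet0/1
 ip address 192.168.101.2 255.255.255.0
interface Serial0/0
 ip address 10.9.9.1 255.255.255.252
interface Group-Async0
 ip unnumbered FastEthernet0/0
router ospf 1
 network 192.168.100.0 0.0.1.255 area 1
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def ospf_enabled_interfaces(config):
    """Return interfaces covered by an OSPF network statement and not passive."""
    addr, borrow, nets, passive = {}, {}, [], set()
    iface, in_ospf = None, False
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):          # top-level line opens a new section
            iface = words[1] if words[0] == "interface" and len(words) > 1 else None
            in_ospf = words[:2] == ["router", "ospf"]
        elif iface and words[:2] == ["ip", "address"] and len(words) >= 4:
            addr[iface] = _ip(words[2])
        elif iface and words[:2] == ["ip", "unnumbered"] and len(words) >= 3:
            borrow[iface] = words[2]
        elif in_ospf and words[0] == "network" and len(words) >= 3:
            nets.append((_ip(words[1]), _ip(words[2])))
        elif in_ospf and words[0] == "passive-interface" and len(words) >= 2:
            passive.add(words[1])
    # Assumption: an unnumbered interface is evaluated with its donor's address.
    for name, donor in borrow.items():
        if donor in addr:
            addr[name] = addr[donor]
    def covered(ip):
        # Wildcard bits set to 1 are ignored when comparing against the network.
        return any(((ip ^ net) & ~wild & 0xFFFFFFFF) == 0 for net, wild in nets)
    return sorted(n for n, ip in addr.items() if covered(ip) and n not in passive)
```

Any dial-up or other untrusted interface in the returned list is a candidate for a `passive-interface` line, as in the workaround quoted above.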