Overview
Cisco Internetwork Operating System (IOS) is the operating system for the majority of Cisco routers. Open Shortest-Path First (OSPF) is a interior routing protocol. A flaw in some Cisco IOS versions can allow a buffer overflow when handling a large number of OSPF neighbor connection requests.
Description
In OSPF (defined by RFC 1247), adjacent routers connect as "neighbors" to exchange routing information. Older versions of Cisco IOS, specifically v11.1 through 12.0, do not securely handle a large number of neighbors (more than 255). If an attacker configures more than 255 hosts (or spoofs that many) to try to become OSPF neighbors of a router running a vulnerable version of Cisco IOS, a table overflows. An attacker must be able to send OSPF packets to the router. |
Impact
An attacker can cause a denial of service. It may be possible to execute arbitrary shell code. |
Solution
Upgrade Upgrade to a version of IOS after v12.0. |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.phenoelit.de/stuff/19C3.pdf
- http://www.cisco.com/warp/public/707/cisco-sn-20030221-ospf.shtml
- http://www.securityfocus.com/archive/1/312510
- http://www.securityfocus.com/archive/1/312802
- http://secunia.com/advisories/8130/
- http://www.osvdb.org/displayvuln.php?osvdb_id=6455
- http://www.securityfocus.com/bid/6895
- http://xforce.iss.net/xforce/xfdb/11373
Acknowledgements
This issue was first reported by FX of Phenoelit Group.
This document was written by Hal Burch.
Other Information
| CVE IDs: | CVE-2003-0100 |
| Severity Metric: | 43.20 |
| Date Public: | 2002-12-27 |
| Date First Published: | 2005-08-02 |
| Date Last Updated: | 2005-08-31 18:31 UTC |
| Document Revision: | 30 |