Re: Fwd: Cisco AS5350 IOS 12.3(1a) OSPF bug?
This e-mail is in response to the e-mail posted by 3APA3A to
vuln-dev@xxxxxxxxxxxxxxxxxx The original message can be found at

OSPF is enabled on an interface if the IP address of that interface is
covered by the network command. OSPF hello packets are sent on all OSPF
enabled interfaces unless they are defined as passive. This also applies
to the interfaces that are configured as unnumbered interfaces.
Therefore the behavior you observed in 12.3(1a) is expected.

The interfaces that are defined as unnumbered were excluded from the
OSPF process in older implementations of IOS. This behavior is changed
by the Cisco Bug ID CSCds04548 (OSPF does not work with unnumbered

| From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
| To: vuln-dev@xxxxxxxxxxxxxxxxx <vuln-dev@xxxxxxxxxxxxxxxxx>
| Date: Wednesday, October 29, 2003, 8:50:31 PM
| Subject: Cisco AS5350 IOS 12.3(1a) OSPF bug?
| ===8<==============Original message text===============
| Dear vuln-dev,
|
| There is a bug in Cisco IOS, _may be_ with security impact of changing
| OSPF routing table from untrusted connection.
|
| If OSPF is enabled with configuration like
|
|  router ospf 1
|   redistribute connected subnets route-map ospf
|   redistribute static subnets route-map ospf
|   network 192.168.100.0 0.0.1.255 area 1
|
| OSPF is propagated via multicast (OSPF HELO is active) to _all_ peers
| _regardless_ of address (including all async dialup connections).
|
| Because I have access to only one router in this configuration and
| it's in production environment I was not able to check if it's
| possible to negotiate OSPF and change route table from async interface
| or not.
|
|  passive-interface Group-Async0
|
| fixes the problem.
|
| Tested with Cisco AS5350 flash image c5350-is-mz.123-1a.bin
| 12.2(3) is not vulnerable.
|
| Can somebody reproduce/confirm this problem and check if it's possible
| to set OSPF connection?
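
Added example (not part of the original messages and not Cisco code): a small Python audit of an IOS-style configuration that applies the rule stated in the reply, namely that an interface, including an unnumbered one, sends OSPF hellos when its address is covered by a network statement and it is not passive. The sample configuration and the function name ospf_hello_interfaces are constructed for illustration; the script assumes a single OSPF process, primary addresses only, and no "passive-interface default".

```python
import ipaddress

# Constructed sample configuration (not taken from the router in the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.100.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
!
interface Group-Async0
 ip unnumbered FastEthernet0/0
!
router ospf 1
 network 192.168.100.0 0.0.1.255 area 1
"""

def ospf_hello_interfaces(config):
    """Return sorted names of interfaces that are OSPF-enabled and not passive."""
    addrs, unnumbered, networks, passive = {}, {}, [], set()
    section = ""
    for line in config.splitlines():
        if line and not line[0].isspace():      # unindented line opens a new section
            section = line.strip()
            continue
        words = line.split()
        name = section.split()[-1] if section.startswith("interface ") else None
        in_ospf = section.startswith("router ospf")
        if name and words[:2] == ["ip", "address"] and len(words) == 4:
            addrs[name] = int(ipaddress.IPv4Address(words[2]))
        elif name and words[:2] == ["ip", "unnumbered"] and len(words) == 3:
            unnumbered[name] = words[2]          # interface whose address is borrowed
        elif in_ospf and words[:1] == ["network"] and len(words) >= 3:
            networks.append((int(ipaddress.IPv4Address(words[1])),
                             int(ipaddress.IPv4Address(words[2]))))
        elif in_ospf and words[:1] == ["passive-interface"] and len(words) == 2:
            passive.add(words[1])
    enabled = []
    for name in set(addrs) | set(unnumbered):
        # An unnumbered interface is matched using the address it borrows.
        addr = addrs.get(unnumbered.get(name, name))
        if addr is None or name in passive:
            continue
        # Wildcard bits set to 1 are "don't care"; compare the remaining bits.
        if any((addr & ~wild) == (net & ~wild) for net, wild in networks):
            enabled.append(name)
    return sorted(enabled)

if __name__ == "__main__":
    print(ospf_hello_interfaces(SAMPLE_CONFIG))
```

Any dialup or otherwise untrusted interface that appears in the result is a candidate for a passive-interface statement, as in the original post.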