{"vuid":"VU#229804","idnumber":"229804","name":"Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers","keywords":["ospf protocol lsa"],"overview":"The Open Shortest Path First (OSPF) protocol does not specify unique Link State Advertisement (LSA) lookup identifiers, which allow an attacker to intercept traffic or conduct a Denial of Service (DoS) attack.","clean_desc":"CWE-694: Use of Multiple Resources with a Duplicate Identifier\nThe OSPF protocol requires LSA's to be identified by: LS Type, Advertising Router, and Link State ID. However, during the routing table calculation phase, the specification states that a LSA is queried in the LSA database \nusing only the Link State ID. Since the Link State ID is used in the LSA database to identify a particular router, a malformed duplicate entry can cause unexpected and insecure implementation-specific behavior. In some implementations, the vulnerability can allow an attacker to subvert the routing table of victim router by sending false link state advertisements on behalf of other routers. This subversion can cause the victim router \nto drop the entire table (denial of service) or to re-route traffic on the network.","impact":"This vulnerability can allow an attacker to re-route traffic, compromising the confidentiality of the data, or to conduct a denial-of-service attack against a router, dropping all traffic.","resolution":"Install Updates\nThe OSPF protocol is a popular interior routing protocol that is used by many devices and manufacturers. This vulnerability is implementation-specific, so some vendors may not be affected. The list below contains known affected or non-affected vendors. Please consult your network equipment vendor to confirm how they are affected by this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to Dr. Gabi Nakibly for reporting this vulnerability.","author":"This document was written by Chris King.","public":["http://tools.ietf.org/html/rfc2328","http://en.wikipedia.org/wiki/Open_Shortest_Path_First"],"cveids":["CVE-2013-0149"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-04-17T17:50:30Z","publicdate":"2013-08-01T00:00:00Z","datefirstpublished":"2013-08-02T00:29:46Z","dateupdated":"2013-12-06T18:59:20Z","revision":58,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"MH","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"H","cvss_basescore":"5.4","cvss_basevector":"AV:A/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"4.2","cvss_environmentalscore":"5.09070479220578","cvss_environmentalvector":"CDP:MH/TD:M/CR:ND/IR:ND/AR:H","metric":0.0,"vulnote":null}