ISS X-Force Database: cisco-ios-ospf-bo(11373): Cisco IOS OSPF neighbor buffer overflow

Cisco IOS OSPF neighbor buffer overflow

cisco-ios-ospf-bo (11373)

High Risk

Description:

Multiple Cisco routers are vulnerable to a buffer overflow, caused by improper handling of multiple Open Shortest Path First (OSPF) protocol packets. By sending 255 or more OSPF neighbor packets to an affected router, a remote attacker could overflow a buffer and execute arbitrary shell code to gain complete control over the router.

Consequences:

Gain Access

Remedy:

Upgrade to one of the fixed versions of Cisco IOS, as listed below. Contact Cisco Technical Support for information on obtaining an upgrade. See References.

12.0(19)S or later
12.0(19)ST or later
12.1(1) or later
12.1(1)DB or later
12.1(1)DC or later
12.1(1)T or later

References:

BugTraq Mailing List, Fri Feb 21 2003 - 16:29:50 CST: Re: Cisco IOS OSPF exploit.
BugTraq Mailing List, Thu Feb 20 2003 - 10:45:19 CST : Cisco IOS OSPF exploit .
Cisco Systems, Inc. Web site: Technical Support - Cisco Systems.
Phenolit Web site: Attacking networked embedded systems. (Refer to pages 51-55.)
BID-6895: Cisco IOS OSPF Neighbor Buffer Overflow Vulnerability
CVE-2003-0100: Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
US-CERT VU#959203: Cisco IOS OSPF neighbor IO buffer overflow

Platforms Affected:

Cisco IOS 11.1
Cisco IOS 11.1(13)
Cisco IOS 11.1(13)AA
Cisco IOS 11.1(13)CA
Cisco IOS 11.1(13)IA
Cisco IOS 11.1(15)AA
Cisco IOS 11.1(15)CA
Cisco IOS 11.1(15)IA
Cisco IOS 11.1(16)AA
Cisco IOS 11.1(16)IA
Cisco IOS 11.1(17)CC
Cisco IOS 11.1(17)CT
Cisco IOS 11.1(20)AA4
Cisco IOS 11.1(24A)
Cisco IOS 11.1(24B)
Cisco IOS 11.1(28A)CT
Cisco IOS 11.1(28A)IA
Cisco IOS 11.1(36)CA2
Cisco IOS 11.1(36)CC2
Cisco IOS 11.1(36)CC4
Cisco IOS 11.1(7)AA
Cisco IOS 11.1(7)CA
Cisco IOS 11.1(9)IA
Cisco IOS 11.1AA
Cisco IOS 11.1CA
Cisco IOS 11.1CC
Cisco IOS 11.1CT
Cisco IOS 11.1IA
Cisco IOS 11.2
Cisco IOS 11.2(10)BC
Cisco IOS 11.2(11B)T2
Cisco IOS 11.2(17)
Cisco IOS 11.2(19)GS0.2
Cisco IOS 11.2(19A)GS6
Cisco IOS 11.2(23A)BC1
Cisco IOS 11.2(26)P2
Cisco IOS 11.2(26A)
Cisco IOS 11.2(26B)
Cisco IOS 11.2(4)
Cisco IOS 11.2(4)F
Cisco IOS 11.2(4)F1
Cisco IOS 11.2(4)XA
Cisco IOS 11.2(4)XAF
Cisco IOS 11.2(8)P
Cisco IOS 11.2(8)SA1
Cisco IOS 11.2(8)SA3
Cisco IOS 11.2(8)SA5
Cisco IOS 11.2(8.9)SA6
Cisco IOS 11.2(9)P
Cisco IOS 11.2(9)XA
Cisco IOS 11.2BC
Cisco IOS 11.2F
Cisco IOS 11.2GS
Cisco IOS 11.2P
Cisco IOS 11.2SA
Cisco IOS 11.2WA3
Cisco IOS 11.2WA4
Cisco IOS 11.2XA
Cisco IOS 11.3
Cisco IOS 11.3(1)ED
Cisco IOS 11.3(1)T
Cisco IOS 11.3(11)B
Cisco IOS 11.3(11B)
Cisco IOS 11.3(11B)T2
Cisco IOS 11.3(11C)
Cisco IOS 11.3(2)XA
Cisco IOS 11.3(7)DB1
Cisco IOS 11.3(8)DB2
Cisco IOS 11.3AA
Cisco IOS 11.3DA
Cisco IOS 11.3DB
Cisco IOS 11.3HA
Cisco IOS 11.3MA
Cisco IOS 11.3NA
Cisco IOS 11.3T
Cisco IOS 11.3WA4
Cisco IOS 11.3XA
Cisco IOS 12.0
Cisco IOS 12.0(1)
Cisco IOS 12.0(1)W
Cisco IOS 12.0(1)XA3
Cisco IOS 12.0(1)XB
Cisco IOS 12.0(1)XE
Cisco IOS 12.0(10)S7
Cisco IOS 12.0(10)W5
Cisco IOS 12.0(10)W5(18F)
Cisco IOS 12.0(10)W5(18G)
Cisco IOS 12.0(10A)
Cisco IOS 12.0(11)S6
Cisco IOS 12.0(11)ST4
Cisco IOS 12.0(11A)
Cisco IOS 12.0(12)S3
Cisco IOS 12.0(12A)
Cisco IOS 12.0(13)S6
Cisco IOS 12.0(13)W5(19C)
Cisco IOS 12.0(13)WT6(1)
Cisco IOS 12.0(13A)
Cisco IOS 12.0(14)S7
Cisco IOS 12.0(14)ST
Cisco IOS 12.0(14)ST3
Cisco IOS 12.0(14)W5(20)
Cisco IOS 12.0(14A)
Cisco IOS 12.0(15)S3
Cisco IOS 12.0(15)S6
Cisco IOS 12.0(15A)
Cisco IOS 12.0(16)S8
Cisco IOS 12.0(16)SC3
Cisco IOS 12.0(16)ST1
Cisco IOS 12.0(16)W5(21)
Cisco IOS 12.0(16.06)S
Cisco IOS 12.0(16A)
Cisco IOS 12.0(17)
Cisco IOS 12.0(17)S
Cisco IOS 12.0(17)S4
Cisco IOS 12.0(17)SL2
Cisco IOS 12.0(17)SL6
Cisco IOS 12.0(17)ST1
Cisco IOS 12.0(17)ST5
Cisco IOS 12.0(17A)
Cisco IOS 12.0(18)S
Cisco IOS 12.0(18)S5
Cisco IOS 12.0(18)ST1
Cisco IOS 12.0(18)W5(22B)
Cisco IOS 12.0(18B)
Cisco IOS 12.0(2)
Cisco IOS 12.0(2)XC
Cisco IOS 12.0(2)XD
Cisco IOS 12.0(2)XE
Cisco IOS 12.0(2)XF
Cisco IOS 12.0(2)XG
Cisco IOS 12.0(2B)
Cisco IOS 12.0(3)
Cisco IOS 12.0(3)T2
Cisco IOS 12.0(3D)
Cisco IOS 12.0(4)S
Cisco IOS 12.0(4)T
Cisco IOS 12.0(4)XE
Cisco IOS 12.0(4)XE1
Cisco IOS 12.0(4)XM
Cisco IOS 12.0(4)XM1
Cisco IOS 12.0(5)T
Cisco IOS 12.0(5)T1
Cisco IOS 12.0(5)WC
Cisco IOS 12.0(5)WC2
Cisco IOS 12.0(5)WC2B
Cisco IOS 12.0(5)WC3
Cisco IOS 12.0(5)WC3B
Cisco IOS 12.0(5)WX
Cisco IOS 12.0(5)XE
Cisco IOS 12.0(5)XK
Cisco IOS 12.0(5)XK2
Cisco IOS 12.0(5)XN
Cisco IOS 12.0(5)XN1
Cisco IOS 12.0(5)XS
Cisco IOS 12.0(5)XU
Cisco IOS 12.0(5)YB4
Cisco IOS 12.0(5.1)XP
Cisco IOS 12.0(5.2)XU
Cisco IOS 12.0(5.3)WC1
Cisco IOS 12.0(5.4)WC1
Cisco IOS 12.0(6B)
Cisco IOS 12.0(7)DB2
Cisco IOS 12.0(7)DC1
Cisco IOS 12.0(7)S1
Cisco IOS 12.0(7)SC
Cisco IOS 12.0(7)T
Cisco IOS 12.0(7)T2
Cisco IOS 12.0(7)WX5(15A)
Cisco IOS 12.0(7)XE
Cisco IOS 12.0(7)XE2
Cisco IOS 12.0(7)XF
Cisco IOS 12.0(7)XF1
Cisco IOS 12.0(7)XK
Cisco IOS 12.0(7)XK3
Cisco IOS 12.0(7)XV
Cisco IOS 12.0(7.4)S
Cisco IOS 12.0(7A)
Cisco IOS 12.0(8)
Cisco IOS 12.0(8)S1
Cisco IOS 12.0(8.0.2)S
Cisco IOS 12.0(8.3)SC
Cisco IOS 12.0(8A)
Cisco IOS 12.0(9)
Cisco IOS 12.0(9)S
Cisco IOS 12.0(9)S8
Cisco IOS 12.0(9A)
Cisco IOS 12.0DA
Cisco IOS 12.0DB
Cisco IOS 12.0DC
Cisco IOS 12.0S
Cisco IOS 12.0SC
Cisco IOS 12.0SL
Cisco IOS 12.0SP
Cisco IOS 12.0ST
Cisco IOS 12.0SX
Cisco IOS 12.0T
Cisco IOS 12.0W5
Cisco IOS 12.0WC
Cisco IOS 12.0WT
Cisco IOS 12.0WX
Cisco IOS 12.0XA
Cisco IOS 12.0XB
Cisco IOS 12.0XC
Cisco IOS 12.0XD
Cisco IOS 12.0XE
Cisco IOS 12.0XF
Cisco IOS 12.0XG
Cisco IOS 12.0XH
Cisco IOS 12.0XI
Cisco IOS 12.0XJ
Cisco IOS 12.0XK
Cisco IOS 12.0XL
Cisco IOS 12.0XM
Cisco IOS 12.0XN
Cisco IOS 12.0XP
Cisco IOS 12.0XQ
Cisco IOS 12.0XR
Cisco IOS 12.0XS
Cisco IOS 12.0XU
Cisco IOS 12.0XV
Cisco IOS 12.0XW

Reported:

Feb 20, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page