OSPF Vulnerability - Owning the Routing Table

[jstuppi at cisco.com (John Stuppi (jstuppi))]

Yes, these advisories (from both Cisco and Juniper), covering CVE-2013-0149, are both related to the announcement yesterday (1-Aug) at BlackHat regarding the OSPF LSA Manipulation vulnerability. 

Thanks,
John

?Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence?.


 


John Stuppi, CISSP
Technical Leader
Strategic Security Research
jstuppi at cisco.com
Phone: +1 732 516 5994
Mobile: 732 319 3886

CCIE, Security - 11154
Cisco Systems
Mail Stop INJ01/2/ 
111 Wood Avenue South 
Iselin, New Jersey 08830
United States
Cisco.com



Think before you print.
This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.
For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html





-----Original Message-----
From: Tassos Chatzithomaoglou [mailto:achatz at forthnetgroup.gr] 
Sent: Friday, August 02, 2013 12:59 PM
To: Glen Kent; nanog at nanog.org
Subject: Re: OSPF Vulnerability - Owning the Routing Table


These were published recently:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2013-08-987&actionBtn=Search

--
Tassos

Glen Kent wrote on 02/08/2013 19:40:
> Hi,
>
> Does anybody have details on what this vulnerability is?
>
> https://www.blackhat.com/us-13/briefings.html#Nakibly
>
> Glen
>