author | David Lamparter <equinox@diac24.net> | 2013-08-02 07:27:53 +0000 |
---|---|---|
committer | David Lamparter <equinox@opensourcerouting.org> | 2013-08-06 12:41:46 +0200 |
commit | 23cd8fb7133befdb84b3a918f7b2f6147161ac6e (patch) | |
tree | b8ef335dcbc2051a5017aa50bc4b759882b638d2 /HACKING.pending | |
parent | a12afd5e8e57c95505d4d0166af234c7f19e9fe1 (diff) |
ospfd: protect vs. VU#229804 (malformed Router-LSA)

VU#229804 reports that, by injecting Router LSAs with the Advertising
Router ID different from the Link State ID, OSPF implementations can be
tricked into retaining and using invalid information.

Quagga is not vulnerable to this because it looks up Router LSAs by
(Router-ID, LS-ID) pair. The relevant code is in ospf_lsa.c l.3140.
Note the double "id" parameter at the end.

Still, we can provide an improvement here by discarding such malformed
LSAs and providing a warning to the administrator. While we cannot
prevent such malformed LSAs from entering the OSPF domain, we can
certainly try to limit their distribution.

cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.

This issue is a specification issue in the OSPF protocol that was
discovered by Dr. Gabi Nakibly.

Reported-by: CERT Coordination Center <cert@cert.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Diffstat (limited to 'HACKING.pending')
0 files changed, 0 insertions, 0 deletions
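
The check the commit message describes (discard a Router-LSA whose Link State ID differs from its Advertising Router), as an added example that is not Quagga's code or part of this commit. The function name `check_lsa`, the verdict enum and the sample byte arrays are assumptions made for illustration; the field offsets follow the 20-byte LSA header in RFC 2328, A.4.1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LSA_HEADER_LEN  20  /* fixed LSA header size, RFC 2328 A.4.1 */
#define LSA_TYPE_ROUTER 1

enum lsa_verdict { LSA_OK, LSA_TRUNCATED, LSA_BAD_LENGTH, LSA_ID_MISMATCH };

/* Read a 32-bit big-endian (network order) field. */
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: validate one received LSA before installing it. */
enum lsa_verdict check_lsa(const uint8_t *buf, size_t len)
{
    if (len < LSA_HEADER_LEN)
        return LSA_TRUNCATED;
    uint8_t  type    = buf[3];                 /* LS type */
    uint32_t ls_id   = rd32(buf + 4);          /* Link State ID */
    uint32_t adv_rtr = rd32(buf + 8);          /* Advertising Router */
    size_t   lsa_len = ((size_t)buf[18] << 8) | buf[19];
    if (lsa_len < LSA_HEADER_LEN || lsa_len > len)
        return LSA_BAD_LENGTH;
    /* For Router-LSAs both IDs must be the originator's Router ID. */
    if (type == LSA_TYPE_ROUTER && ls_id != adv_rtr)
        return LSA_ID_MISMATCH;
    return LSA_OK;
}

/* Constructed samples (checksum left zero, not verified here). */
const uint8_t sample_good[24] = { 0,1, 2, 1, 192,0,2,1, 192,0,2,1,
    0x80,0,0,1, 0,0, 0,24, 0,0,0,0 };
const uint8_t sample_mismatch[24] = { 0,1, 2, 1, 192,0,2,1, 192,0,2,99,
    0x80,0,0,1, 0,0, 0,24, 0,0,0,0 };
/* Network-LSA (type 2): LS ID is the DR's interface address, so IDs differ. */
const uint8_t sample_network[24] = { 0,1, 2, 2, 192,0,2,10, 192,0,2,1,
    0x80,0,0,1, 0,0, 0,24, 255,255,255,0 };

int main(void)
{
    printf("good=%d mismatch=%d network=%d short=%d\n",
           check_lsa(sample_good, sizeof sample_good),
           check_lsa(sample_mismatch, sizeof sample_mismatch),
           check_lsa(sample_network, sizeof sample_network),
           check_lsa(sample_good, 10));
    return 0;
}
```

The comparison is restricted to LS type 1 because other LSA types legitimately carry a Link State ID that is not the originator's Router ID.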