First published: Thu Jan 02 2014(Updated: )
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM iSeries AS/400 | =6.1 | |
IBM iSeries AS/400 | =7.1 | |
IBM z/OS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-5385 is classified as a high severity vulnerability due to its potential for remote exploitation.
To fix CVE-2013-5385, ensure that your IBM i systems are updated to the latest patches provided by IBM.
CVE-2013-5385 affects IBM i versions 6.1 and 7.1, and IBM z/OS on zSeries servers.
CVE-2013-5385 is a vulnerability related to improper validation of Link State Advertisement packets in the OSPF implementation.
Yes, CVE-2013-5385 allows for remote attackers to exploit the vulnerability by sending specially crafted LSA type 1 packets.