OSPF Vulnerability - Owning the Routing Table

Jeff Tantsura jeff.tantsura at ericsson.com
Sat Aug 3 21:09:13 UTC 2013


Hi,

As for Ericsson (Redback) products.
We found the issue quite some time ago and fixed it immediately.
Smart Edge code base (SEOS) has been fixed  back to the release 6.3
SSR code base (IPOS) - not affected.

Please let me know if you have got any questions.

Regards,
Jeff

On Aug 3, 2013, at 10:25, "excelsio at gmx.com" <excelsio at gmx.com> wrote:

> So, only Cisco and Juniper are hit by this one? What about "the rest"?
> Michael
> 
> 
> Am 02.08.2013 21:34, schrieb John Stuppi (jstuppi):
>> Yes, these advisories (from both Cisco and Juniper), covering CVE-2013-0149, are both related to the announcement yesterday (1-Aug) at BlackHat regarding the OSPF LSA Manipulation vulnerability. 
>> 
>> Thanks,
>> John
>> 
>> “Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence”.
>> 
>> 
>> 
>> 
>> 
>> John Stuppi, CISSP
>> Technical Leader
>> Strategic Security Research
>> jstuppi at cisco.com
>> Phone: +1 732 516 5994
>> Mobile: 732 319 3886
>> 
>> CCIE, Security - 11154
>> Cisco Systems
>> Mail Stop INJ01/2/ 
>> 111 Wood Avenue South 
>> Iselin, New Jersey 08830
>> United States
>> Cisco.com
> 
> 



More information about the NANOG mailing list