Hi,
Does anybody have details on what this vulnerability is?
https://www.blackhat.com/us-13/briefings.html#Nakibly
Glen
Cisco published an advisory on OSPF vulnerability yesterday I think. I
assume it's related.
OSPFv3 is not vulnerable, and connections protected by MD5 are safe too,
apparently.
Aled
On 2 August 2013 17:40, Glen Kent wrote:
> Hi,
>
> Does anybody have details on what this vulnerability is?
>
These were published recently:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2013-08-987&actionBtn=Search
--
Tassos
Glen Kent wrote on 02/08/2013 19:40:
> Hi,
>
> Does anybody have de
Glen Kent wrote:
Hi,
Does anybody have details on what this vulnerability is?
https://www.blackhat.com/us-13/briefings.html#Nakibly
Glen
Could it be related to:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf
announced very recently?
There i
: Glen Kent; nanog@nanog.org
Subject: Re: OSPF Vulnerability - Owning the Routing Table
These were published recently:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf
http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2013-08-987&actio
So, only Cisco and Juniper are hit by this one? What about "the rest"?
Michael
Am 02.08.2013 21:34, schrieb John Stuppi (jstuppi):
> Yes, these advisories (from both Cisco and Juniper), covering CVE-2013-0149,
> are both related to the announcement yesterday (1-Aug) at BlackHat regarding
> the
Hi,
As for Ericsson (Redback) products.
We found the issue quite some time ago and fixed it immediately.
Smart Edge code base (SEOS) has been fixed back to the release 6.3
SSR code base (IPOS) - not affected.
Please let me know if you have got any questions.
Regards,
Jeff
On Aug 3, 2013, at 10
On 8/2/13, Aled Morris wrote:
> Cisco published an advisory on OSPF vulnerability yesterday I think. I
> assume it's related.
OSPF is a dynamic routing protocol. It automatically discovers
neighbors on a multi-access segment claiming to be routers.
In what way could it possibly be unexpected th
On (2013-08-03 18:38 -0500), Jimmy Hess wrote:
> That's not news to me, but fully expected.
> Do the vendors /really/ have a code fix to what would seem to be an
> inherent problem; if you failed to properly secure your OSPF
> implementation (via MD5 authentication)?
It is news to me. It's des
On 8/4/13, Saku Ytti wrote:
> On (2013-08-03 18:38 -0500), Jimmy Hess wrote:
>
>> That's not news to me, but fully expected.
>> Do the vendors /really/ have a code fix to what would seem to be an
>> inherent problem; if you failed to properly secure your OSPF
>> implementation (via MD5 authenti
On (2013-08-04 05:01 -0500), Jimmy Hess wrote:
> I would say the risk score of the advisory is overstated. And if you
> think "ospf is secure" against LAN activity after any patch, that
> would be wishful thinking. Someone just rediscovered one of the
> countless innumerable holes in the back o
Agree, that't why using p2p has been mentioned as BCP in networking "howto's"
for at least last 10 years.
Regards,
Jeff
On Aug 4, 2013, at 3:14 AM, "Saku Ytti" wrote:
> On (2013-08-04 05:01 -0500), Jimmy Hess wrote:
>
>> I would say the risk score of the advisory is overstated. And if you
>
I was forwarded a link to a blog post that vividly describes the attack.
Sharing it with others in case they're interested ..
http://routingfreak.wordpress.com/2013/09/09/how-bad-is-the-ospf-vulnerability-exposed-by-black-hat/
Glen
On Fri, Aug 2, 2013 at 10:10 PM, Glen Kent wrote:
> Hi,
>
> D
13 matches
Mail list logo
