CVE-2013-5385

IBM i 6.1 and 7.1 - Denial of Service via OSPF LSA Packet Handling

Title source: llm
STIX 2.1

Description

The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

References (4)

Core 4
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/229804
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/BLUU-985QTG

Scores

EPSS 0.0347
EPSS Percentile 87.7%

Details

CWE
CWE-20
Status published
Products (3)
ibm/i 6.1
ibm/i 7.1
ibm/z\/os
Published Jan 02, 2014
Tracked Since Feb 18, 2026