CVE-2013-5385
IBM i 6.1 and 7.1 - Denial of Service via OSPF LSA Packet Handling
Title source: llmDescription
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/229804
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/BLUU-985QTG
Scores
EPSS
0.0347
EPSS Percentile
87.7%
Details
CWE
CWE-20
Status
published
Products (3)
ibm/i
6.1
ibm/i
7.1
ibm/z\/os
Published
Jan 02, 2014
Tracked Since
Feb 18, 2026