CVE-2013-5385 - Vulnerability Details - OpenCVE

The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	I Z\/os

Configuration 1 [-]

OR	cpe:2.3:o:ibm:i:6.1:::::::*
	cpe:2.3:o:ibm:i:7.1:::::::*
	cpe:2.3:o:ibm:z\/os::::::::

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716
http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309
http://www.kb.cert.org/vuls/id/229804
http://www.kb.cert.org/vuls/id/BLUU-985QTG

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-01-02T11:00:00

Updated: 2024-08-06T17:06:52.345Z

Reserved: 2013-08-22T00:00:00

Link: CVE-2013-5385

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-01-02T14:59:03.503

Modified: 2024-11-21T01:57:23.707

Link: CVE-2013-5385

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-23T19:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716"}, {"name": "VU#229804", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/229804"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/BLUU-985QTG"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5385", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716"}, {"name": "VU#229804", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/229804"}, {"name": "http://www.kb.cert.org/vuls/id/BLUU-985QTG", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/BLUU-985QTG"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:06:52.345Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716"}, {"name": "VU#229804", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/229804"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/BLUU-985QTG"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5385", "datePublished": "2014-01-02T11:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:06:52.345Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:i:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "912719C3-463E-4E8E-9FC9-23BEF3942A0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:i:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "75F0F975-DD09-4851-A536-1B8484715FEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:z\\/os:*:*:*:*:*:*:*:*", "matchCriteriaId": "28A9DB7F-187D-42BA-B271-1C302E529BFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149."}, {"lang": "es", "value": "La implementaci\u00f3n OSPF en IBM i versiones 6.1 y 7.1, en z/OS sobre servidores zSeries y en el Networking Operating System (tambi\u00e9n se conoce como NOS, anteriormente BLADE Operating System), no comprueba apropiadamente Link State Advertisement (LSA ) los paquetes del tipo 1 antes de realizar las operaciones en la base de datos LSA, que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n del ruteo) u obtener informaci\u00f3n confidencial del paquete por medio de un paquete LSA dise\u00f1ado, un problema relacionado con el CVE-2013-0149."}], "id": "CVE-2013-5385", "lastModified": "2024-11-21T01:57:23.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-02T14:59:03.503", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309"}, {"source": "psirt@us.ibm.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/229804"}, {"source": "psirt@us.ibm.com", "url": "http://www.kb.cert.org/vuls/id/BLUU-985QTG"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/229804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kb.cert.org/vuls/id/BLUU-985QTG"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}