PT-2014-2920 · IBM · IBM Networking Operating System+3

Published: 2014-01-02 · Updated: 2014-01-28 · CVE-2013-5385

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

IBM i versions 6.1 through 7.1
z/OS on zSeries servers (affected versions not specified)
Networking Operating System (NOS) (affected versions not specified)

Description

The issue concerns the OSPF implementation, which fails to properly validate Link State Advertisement (LSA) type 1 packets. This allows remote attackers to cause a denial of service, resulting in routing disruption, or obtain sensitive packet information by sending a crafted LSA packet.

Recommendations

For IBM i versions 6.1 through 7.1, update the OSPF implementation to properly validate LSA type 1 packets.
For z/OS on zSeries servers, apply the necessary configuration changes to the OSPF implementation to prevent the issue.
For Networking Operating System (NOS), restrict access to the LSA database until a proper validation mechanism is implemented.
As a temporary workaround, consider disabling the OSPF implementation until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-5385

Affected Products

IBM i
IBM Networking Operating System
z/OS
zSeries