CVE-2013-5385
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
La implementación OSPF en IBM i versiones 6.1 y 7.1, en z/OS sobre servidores zSeries y en el Networking Operating System (también se conoce como NOS, anteriormente BLADE Operating System), no comprueba apropiadamente Link State Advertisement (LSA ) los paquetes del tipo 1 antes de realizar las operaciones en la base de datos LSA, que permite a los atacantes remotos causar una denegación de servicio (interrupción del ruteo) u obtener información confidencial del paquete por medio de un paquete LSA diseñado, un problema relacionado con el CVE-2013-0149.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-08-22 CVE Reserved
- 2014-01-02 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716 | X_refsource_confirm | |
| http://www.kb.cert.org/vuls/id/229804 | Third Party Advisory |
|
| http://www.kb.cert.org/vuls/id/BLUU-985QTG | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309 | 2014-01-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | I Search vendor "Ibm" for product "I" | 6.1 Search vendor "Ibm" for product "I" and version "6.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | I Search vendor "Ibm" for product "I" | 7.1 Search vendor "Ibm" for product "I" and version "7.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Z\/os Search vendor "Ibm" for product "Z\/os" | * | - |
Affected
| ||||||