Yes, these advisories (from both Cisco and Juniper), covering CVE-2013-0149, are both related to the announcement yesterday (1-Aug) at BlackHat regarding the OSPF LSA Manipulation vulnerability. Thanks, John “Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence”. John Stuppi, CISSP Technical Leader Strategic Security Research jstuppi@cisco.com Phone: +1 732 516 5994 Mobile: 732 319 3886 CCIE, Security - 11154 Cisco Systems Mail Stop INJ01/2/ 111 Wood Avenue South Iselin, New Jersey 08830 United States Cisco.com Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html -----Original Message----- From: Tassos Chatzithomaoglou [mailto:achatz@forthnetgroup.gr] Sent: Friday, August 02, 2013 12:59 PM To: Glen Kent; nanog@nanog.org Subject: Re: OSPF Vulnerability - Owning the Routing Table These were published recently: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2013-08-987&actionBtn=Search -- Tassos Glen Kent wrote on 02/08/2013 19:40:
Does anybody have details on what this vulnerability is?