CVE-2013-7311

Summary

CVE	CVE-2013-7311
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-01-23 17:55:00 UTC
Updated	2014-01-23 19:40:00 UTC
Description	The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Checkpoint	Gaia Os	r75.0	All	All	All
Operating System	Checkpoint	Gaia Os	r76.0	All	All	All
Operating System	Checkpoint	Gaia Os	r75.0	All	All	All
Operating System	Checkpoint	Gaia Os	r76.0	All	All	All
Operating System	Checkpoint	Ipso Os	6.2	All	All	All
Operating System	Checkpoint	Ipso Os	6.2	All	All	All

References

Reference	Source	Link	Tags
Check Point Software Technologies Information for VU#229804	CONFIRM	www.kb.cert.org	US Government Resource
Check Point response to OSPF LSA spoofing vulnerability (CVE-2013-0149, CVE-2013-7311)	CONFIRM	supportcenter.checkpoint.com	Vendor Advisory
Vulnerability Note VU#229804 - Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifers	CERT-VN	www.kb.cert.org	US Government Resource
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.