ospfd: address CVE-2017-3224 - matthieu/frr.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Chirag Shah <chirag@cumulusnetworks.com>	2019-01-25 17:21:24 -0800
committer	Philippe Guibert <philippe.guibert@6wind.com>	2019-02-18 16:00:57 +0100
commit	7791d3deab8f4bbee2ccdd98ea596617536bc681 (patch)
tree	ff413bbd018b5f5a9499ea1617d457716fa2ff0e /tools/render_md.py
parent	8862b2f86ff7671bc60276c2dd6bf3aa9496c7c3 (diff)

ospfd: address CVE-2017-3224

Based on the vulnerability mentioned in 793496 an attacker can craft an LSA with MaxSequence number wtih invalid links and not set age to MAX_AGE so the lsa would not be flush from the database. To address the issue, check incoming LSA is MaxSeq but Age is not set to MAX_AGE 3600, discard the LSA from processing it. Based on RFC-2328 , When a LSA update sequence reaches MaxSequence number, it should be prematurely aged out from the database with age set to MAX_AGE (3600). Ticket:CM-18989 Reviewed By: Testing Done: Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>

Diffstat (limited to 'tools/render_md.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: