CVE-2013-0149 Information

Description

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3 IOS-XE 2.x through 3.9.xS ASA and PIX 7.x through 9.1 FWSM NX-OS and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet aka Bug IDs CSCug34485 CSCug34469 CSCug39762 CSCug63304 and CSCug39795.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf http://www.kb.cert.org/vuls/id/229804