The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Check Point response to OSPF LSA spoofing vulnerability (CVE-2013-0149, CVE-2013-7311)
Technical Level
Solution ID
sk94490
Technical Level
Severity
High
Product
Security Gateway
Version
R70, R71, R75, R76
OS
IPSO 6.2, Gaia
Platform / Model
All
Date Created
21-Aug-2013
Last Modified
28-Mar-2016
Symptoms
OSPF protocol implementation is vulnerable to spoofing of Link State Advertisement (LSA) messages.
This OSPF LSA spoofing vulnerability may allow attacker, who controls a router in an Autonomous System to divert traffic, create black holes, etc.
For more details, refer to CVE-2013-0149 and the following resources:
For more details, refer to CVE-2013-7311:
The following Check Point products are affected by this vulnerability:R75.X on Gaia OS with enabled OSPF without MD5 authentication R76 on Gaia OS with enabled OSPF without MD5 authentication R75.X and earlier on IPSO 6.2 OS with enabled OSPF without MD5 authentication R76 on IPSO 6.2 OS with enabled OSPF without MD5 authentication
Customers, who do not use OSPF functionality at all, or use MD5 authentication for OSPF are not affected.
SecurePlatform OS is not affected.
Solution
This problem was fixed. The fix is included in:
Check Point recommends to always upgrade to the most recent version .
For other supported versions , Check Point offers a hotfix for this issue.
Table of Contents:
Hotfix availability
Hotfix is available for:
Other versions must be upgraded to one of the above versions (in order to get the most stable, secure and robust system).
Hotfix installation instructions
Note: Hotfix has to be installed on Security Gateway / each cluster member .
Show / Hide instructions for Gaia OS - R75.47 - using Legacy CLI
Hotfix has to be installed on Security Gateway / each cluster member .
Download this hotfix package:
Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/
).
Unpack the hotfix package: [Expert@HostName]# cd /some_path_to_fix/
[Expert@HostName]# tar -zxvf Check_Point_OSPF_R75.47_HOTFIX_003.tgz
Install the hotfix: [Expert@HostName]# ./SecurePlatform_HOTFIX_NAME
Note: The script will stop all of Check Point services (cpstop
) - read the output on the screen.
Reboot the machine.
Show / Hide instructions for Gaia OS - freshly installed R76 (not upgraded to R76)
Hotfix has to be installed on Security Gateway / each cluster member .
Download this hotfix package:
Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/
).
Unpack the hotfix package: [Expert@HostName]# cd /some_path_to_fix/
[Expert@HostName]# tar -zxvf Check_Point_OSPF_R76_HOTFIX_050.tgz
Install the hotfix: [Expert@HostName]# ./SecurePlatform_HOTFIX_NAME
Note: The script will stop all of Check Point services (cpstop
) - read the output on the screen.
Reboot the machine.
Show / Hide instructions for Gaia OS - upgraded to R76
Hotfix has to be installed on Security Gateway / each cluster member .
Check whether other hotfixes for RouteD daemon were installed. Run the following command in Clish: HostName> show routed version
If the RouteD version is not routed-0.1-cp989000090
, then Contact Check Point Support to get a combined Hotfix for this issue (package that will include the current hotfixes and the hotfix for OSPF LSA spoofing vulnerability).
If the RouteD version is routed-0.1-cp989000090
(native version), then install the hotfix - proceed to next step.
Download this hotfix package:
Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/
).
Unpack the hotfix package: [Expert@HostName]# cd /some_path_to_fix/
[Expert@HostName]# tar -zxvf Check_Point_OSPF_R76_HOTFIX_050.tgz
Install the hotfix (note the "-NODEP
" flag at the end): [Expert@HostName]# ./SecurePlatform_HOTFIX_NAME -NODEP
Note: The script will stop all of Check Point services (cpstop
) - read the output on the screen.
Reboot the machine.
This solution is about products that are no longer supported and it will not be updated
Applies To:
00264533 , 00264538 , 00264548 , 00264549 , 00264550 , 00264551 , 01208862 , 01215316 , 01226524 , 01230962 , 01245947 , 01256991 , 01262863 , 01294048 , 01294051 , 01351878 , 01365797 , 01378649 , 01403734