Cisco routers use the Open Shortest Path First (OSPF) protocol to exchange information about changes in the routing tables.
Modern Cisco routers also include the Service Assurance Agent (SAA), formerly known as the Response Time Reporter (RTR). This feature, if enabled, allows the router to monitor network performance by taking periodic measurements of the response time between two points on the network. Some of the measurements require the RTR Responder service to be running on the remote node. This service is not enabled by default.
3/5/03
CAN 2003-0100
Due to a buffer overflow condition in the processing of
malformed OSPF packets, it could be possible for a remote
attacker to create a denial of service or take control
of a router by sending it more than 255 OSPF neighbor
announcements. Cisco IOS 11.1 through 12.0.7 are affected
by this vulnerability.
5/20/03
CAN 2003-0305
A flaw in the processing of RTR packets could allow a remote
attacker to crash the router by sending a malformed packet
to port 1967/udp. The router is only vulnerable to this
attack if the RTR Responder service is enabled. Various
releases of Cisco IOS 12.0 through 12.2 are affected by
this vulnerability.