oss-sec mailing list archives
Re: CVE Request: BGP protocol vulnerability
From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 29 Aug 2010 15:07:06 +0200
* Kurt Seifried:
The BGP protocol and its various extensions require that BGP peering sessions are terminated when a peer receives a BGP update message which it considers semantically incorrect, leading to a persistent denial-of-service condition if the update is received again after the terminated session is reestablished. (This is not something new at all---we just need to get up, treat it as a vulnerability, and fix it.)This sounds like CVE-2010-3035 http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml
In this context, I don't like that the peer on the receiving end resets the session. It's got a significant impact on availability, and the resulting UPDATE churn hurts everybody a little bit. In short, I think there are two bugs: IOS XR producing bad data, and other implementations dealing badly with it.
Current thread:
- CVE Request: BGP protocol vulnerability Florian Weimer (Aug 28)
- Re: CVE Request: BGP protocol vulnerability Kurt Seifried (Aug 28)
- Re: CVE Request: BGP protocol vulnerability Florian Weimer (Aug 29)
- Re: CVE Request: BGP protocol vulnerability Josh Bressers (Aug 30)
- Re: CVE Request: BGP protocol vulnerability Steven M. Christey (Aug 31)
- Re: CVE Request: BGP protocol vulnerability Florian Weimer (Aug 29)
- Re: CVE Request: BGP protocol vulnerability Kurt Seifried (Aug 28)