oss-sec mailing list archives
Re: CVE Request: BGP protocol vulnerability
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 31 Aug 2010 17:42:27 -0400 (EDT)
On Sat, 28 Aug 2010, Kurt Seifried wrote:
The BGP protocol and its various extensions require that BGP peering sessions are terminated when a peer receives a BGP update message which it considers semantically incorrect, leading to a persistent denial-of-service condition if the update is received again after the terminated session is reestablished. (This is not something new at all---we just need to get up, treat it as a vulnerability, and fix it.)This sounds like CVE-2010-3035 http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml
The way Cisco has written up this CVE, they are clearly focusing on the generation of corrupted attributes, not a protocol problem. So, I'd want a separate CVE for the general BGP design issue.
or are you talking about another BGP issue? (but in the same "family" as CVE-2009-2055 and CVE-2010-3035).
I can't quite tell the difference between CVE-2009-2055 and what Florian is requesting a CVE for. In CVE-2009-2055, Cisco seems to be implying that it's a problem in XR, not the design of the whole protocol - but it's not immediately clear if they even "fixed" it. The issue at hand is whether we need a new CVE or a rewrite for the old CVE-2009-2055.
- Steve
Current thread:
- CVE Request: BGP protocol vulnerability Florian Weimer (Aug 28)
- Re: CVE Request: BGP protocol vulnerability Kurt Seifried (Aug 28)
- Re: CVE Request: BGP protocol vulnerability Florian Weimer (Aug 29)
- Re: CVE Request: BGP protocol vulnerability Josh Bressers (Aug 30)
- Re: CVE Request: BGP protocol vulnerability Steven M. Christey (Aug 31)
- Re: CVE Request: BGP protocol vulnerability Florian Weimer (Aug 29)
- Re: CVE Request: BGP protocol vulnerability Kurt Seifried (Aug 28)