Cisco IOS XR Software Border Gateway Protocol Vulnerability
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml
Vulnerable products:
* Cisco IOS XR devices configured with the BGP routing feature
Products confirmed not vulnerable:
* Cisco IOS Software
* Cisco IOS XR Software not configured for BGP routing
The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device corrupts the attribute before sending it to neighboring devices. Neighboring devices that receive the corrupted update may reset the BGP peering session. Only devices running Cisco IOS XR Software corrupt the unrecognized attribute, but the neighboring devices that reset the session on receiving the corrupted update may be running operating systems other than Cisco IOS XR Software. Resetting the session in response to a malformed update is the behavior defined by RFC 4271, which specifies the operation of BGP.
After an affected device running Cisco IOS XR Software sends a corrupted update, it will receive a notification from the neighboring router and will create a log message like the following example:
bgp: %ROUTING-BGP-5-ADJCHANGE : neighbor 172.16.1.251 Down - BGP Notification received: update malformed
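As an added example (not code from the advisory or from Cisco), the following Python shows the RFC 4271 rules this advisory relies on: an unrecognized optional transitive attribute must be passed along unchanged with the Partial bit set, while a receiver whose length check on an attribute fails rejects the UPDATE with a NOTIFICATION, which is the "update malformed" session reset described above. The sample update bytes and the particular corruption (a wrong length octet) are constructed for illustration; the advisory does not state how the affected device corrupts the attribute.

```python
import struct

# Attribute Flags octet, RFC 4271 section 4.3
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10
WELL_KNOWN = {1, 2, 3, 4, 5, 6, 7}  # ORIGIN .. AGGREGATOR, RFC 4271 section 5

class UpdateMalformed(Exception):
    """Receiver would answer with a NOTIFICATION (UPDATE Message Error)."""

def parse_attributes(data: bytes):
    """Split a Path Attributes field into (flags, type_code, value) tuples."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 3:
            raise UpdateMalformed("truncated attribute header")
        flags, code = data[i], data[i + 1]
        if flags & EXT_LEN:
            if len(data) - i < 4:
                raise UpdateMalformed("truncated extended length")
            length, hdr = struct.unpack_from("!H", data, i + 2)[0], 4
        else:
            length, hdr = data[i + 2], 3
        value = data[i + hdr:i + hdr + length]
        if len(value) != length:  # Attribute Length Error, error subcode 5
            raise UpdateMalformed(f"attribute {code}: length {length} overruns update")
        attrs.append((flags, code, value))
        i += hdr + length
    return attrs

def encode_attribute(flags: int, code: int, value: bytes) -> bytes:
    if len(value) > 255 or flags & EXT_LEN:
        return bytes([flags | EXT_LEN, code]) + struct.pack("!H", len(value)) + value
    return bytes([flags, code, len(value)]) + value

def propagate(data: bytes) -> bytes:
    """Re-advertise attributes per RFC 4271 section 9 rules for unrecognized ones."""
    out = b""
    for flags, code, value in parse_attributes(data):
        if code in WELL_KNOWN:
            out += encode_attribute(flags, code, value)
        elif not (flags & OPTIONAL):  # Unrecognized Well-known Attribute, subcode 2
            raise UpdateMalformed(f"unrecognized well-known attribute {code}")
        elif flags & TRANSITIVE:  # unknown optional transitive: forward, set Partial
            out += encode_attribute(flags | PARTIAL, code, value)
        # unknown optional non-transitive: quietly ignored, not passed along
    return out

def receiver_accepts(data: bytes) -> bool:
    """True if a neighbor would keep the session, False if it would send NOTIFICATION."""
    try:
        parse_attributes(data)
        return True
    except UpdateMalformed:
        return False

# Constructed sample: ORIGIN, an unknown optional transitive type 200, an unknown
# optional non-transitive type 201. The corrupted copy has type 200's length octet
# changed from 3 to 5 (hypothetical corruption; the advisory does not describe it).
SAMPLE = b"\x40\x01\x01\x00" + b"\xc0\xc8\x03\x01\x02\x03" + b"\x80\xc9\x01\xff"
CORRUPTED = b"\x40\x01\x01\x00" + b"\xe0\xc8\x05\x01\x02\x03"
```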
There are no workarounds that proactively mitigate this vulnerability. If a route flap is observed, the prefix carrying the unrecognized attribute can be filtered.
For further information on filtering on Cisco IOS XR Software, please consult the document ‘Implementing Routing Policy on Cisco IOS XR Software’ at the following link:
2010-August-27 Initial public release