Cisco IOS XR Software Border Gateway Protocol Vulnerability

Summary

Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature.

Credit:

The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml


Details

Vulnerable Systems:
 * Cisco IOS XR devices configured with the BGP routing feature

Immune Systems:
 * Cisco IOS Software
 * Cisco IOS XR Software not configured for BGP routing

The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device corrupts the attribute before sending it to its neighboring devices. Neighboring devices that receive the corrupted update may reset the BGP peering session. This applies even when the neighboring devices run an operating system other than Cisco IOS XR Software, because resetting the session on a malformed update is the behavior specified by RFC 4271, which defines the operation of BGP.

After an affected device running Cisco IOS XR Software sends a corrupted update, it will receive a notification from the neighboring router and will create a log message like the following example:

bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 172.16.1.251 Down – BGP Notification received: update malformed
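
The log signature above can be checked for across collected router logs. The following is an added example, not part of the Cisco advisory: it counts, per neighbor, the sessions that went down after an 'update malformed' notification. The sample lines, the "Up" line format, the "Interface flap" reason and the repeat threshold are constructed assumptions.

```python
import re
from collections import Counter

# ADJCHANGE format as shown in the advisory. The separator after "Down" may be
# a hyphen or an en dash, depending on how the log line was copied.
ADJCHANGE = re.compile(
    r"%ROUTING-BGP-5-ADJCHANGE\s*:\s*neighbor\s+(?P<neighbor>\S+)\s+"
    r"(?P<state>Up|Down)(?:\s*[-\u2013]\s*(?P<reason>.*))?$"
)

def malformed_update_resets(lines):
    """Per neighbor, count sessions dropped by a received 'update malformed' NOTIFICATION."""
    hits = Counter()
    for line in lines:
        m = ADJCHANGE.search(line.strip())
        if not m or m.group("state") != "Down":
            continue
        reason = (m.group("reason") or "").lower()
        if "notification received" in reason and "update malformed" in reason:
            hits[m.group("neighbor")] += 1
    return dict(hits)

def flapping_neighbors(lines, threshold=2):
    """Neighbors reset at least `threshold` times for this reason (threshold is an assumption)."""
    return sorted(n for n, c in malformed_update_resets(lines).items() if c >= threshold)

# Constructed sample input; only the first line's format comes from the advisory.
SAMPLE_LOG = [
    "bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 172.16.1.251 Down \u2013 BGP Notification received: update malformed",
    "bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 172.16.1.251 Up",
    "bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 172.16.1.251 Down - BGP Notification received: update malformed",
    "bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 192.0.2.7 Down - BGP Notification received: update malformed",
    "bgp[122]: %ROUTING-BGP-5-ADJCHANGE : neighbor 192.0.2.9 Down - Interface flap",
]

if __name__ == "__main__":
    for neighbor, count in malformed_update_resets(SAMPLE_LOG).items():
        print(f"{neighbor}: {count} reset(s) after 'update malformed' notification")
    print("repeated resets:", flapping_neighbors(SAMPLE_LOG))
```

A neighbor that appears repeatedly in this output is a candidate for the route flap described under Workaround below.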

Workaround:
There are no workarounds to proactively mitigate this vulnerability. If a route flap is observed, the prefix with the unrecognized attribute can be filtered.

For further information on filtering on Cisco IOS XR Software, please consult the document ‘Implementing Routing Policy on Cisco IOS XR Software’ at the following link:
http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.0/routing/configuration/guide/rc3rpl.html#wp1118699.

CVE Information:
CVE-2010-3035

Disclosure Timeline:
2010-August-27 Initial public release