Avici Systems Inc. Information for VU#784540
BGP implementations do not adequately handle malformed BGP OPEN and UPDATE messages
- Vendor Information Help Date Notified: 06 May 2004
- Statement Date:
- Date Updated: 23 Jun 2004
We have taken the time to analyze the issue and have verified that the Avici product line:
(1) suffers no ill effect when we receive a BGP message as per your
(2) put a descriptive message in our log when this condition occurs.
The message is as follows:
INFORMATION:bgp-updates:BGP peer <ip_address of peer> (External AS
<AS number>): Open message arrived with length 19
The message is then dropped with no ill effect on any Avici product.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.