Avici Systems Inc. Information for VU#784540

BGP implementations do not adequately handle malformed BGP OPEN and UPDATE messages

Status

Not Affected

Vendor Statement

We have taken the time to analyze the issue and have verified that the Avici product line:

(1) suffers no ill effect when we receive a BGP message as per your
instructions


(2) put a descriptive message in our log when this condition occurs.

The message is as follows:

INFORMATION:bgp-updates:BGP peer <ip_address of peer> (External AS
<AS number>): Open message arrived with length 19

The message is then dropped with no ill effect on any Avici product.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.