Vulnerability Note VU#784540
BGP implementations do not adequately handle malformed BGP OPEN and UPDATE messages
Multiple implementations of the Border Gateway Protocol (BGP) contain vulnerabilities related to the processing of UPDATE and OPEN messages. The impacts of these vulnerabilities appear to be limited to denial of service.
BGP (RFC 1771) is designed to exchange network reachability information between peer nodes. Information advertised by a BGP system to its peers includes timers, metrics, and paths to different Autonomous System (AS) networks. Routing between AS networks depends on BGP, and the Internet is a network of AS networks. Therefore, vulnerabilities in BGP have the potential to affect the Internet infrastructure.
Multiple BGP implementations contain vulnerabilities in the handling of exceptional OPEN and UPDATE messages. While the details of the individual vulnerabilities are different, the impacts appear to be limited to denial of service. In addition, most BGP implementations do not accept messages from arbitrary sources. Some BGP implementations only accept TCP connections (179/tcp) from properly configured peers, and some implementations require a valid AS number in the BGP message data. To deliver malicious messages to such systems, an attacker would need to spoof a TCP connection or have access to a trusted BGP peer. The attacker may also need to know a valid AS number.
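The following Python example is added here and is not code from this note or from any vendor; it shows the strict length and field checks RFC 1771 specifies for received OPEN and UPDATE messages, returning the NOTIFICATION error code and subcode a receiver would send instead of processing the message. It assumes an unauthenticated session (all-ones marker) and that `buf` holds the bytes received for one message; `validate_bgp_message`, `expected_peer_as`, `build` and the sample messages are constructed for this example.

```python
import struct

HEADER_LEN, MAX_LEN = 19, 4096
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4
MIN_LEN = {OPEN: 29, UPDATE: 23, NOTIFICATION: 21, KEEPALIVE: 19}

def validate_bgp_message(buf, expected_peer_as=None):
    """Return None if buf is well formed, else the (code, subcode) for a NOTIFICATION."""
    if len(buf) < HEADER_LEN:
        return (1, 2)                          # Bad Message Length
    marker, length, mtype = struct.unpack("!16sHB", buf[:HEADER_LEN])
    if marker != b"\xff" * 16:                 # assumption: no authentication in use
        return (1, 1)                          # Connection Not Synchronized
    if not HEADER_LEN <= length <= MAX_LEN or length != len(buf):
        return (1, 2)
    if mtype not in MIN_LEN:
        return (1, 3)                          # Bad Message Type
    if length < MIN_LEN[mtype] or (mtype == KEEPALIVE and length != HEADER_LEN):
        return (1, 2)
    body = buf[HEADER_LEN:]
    if mtype == OPEN:
        version, my_as, hold, _bgp_id, opt_len = struct.unpack("!BHHIB", body[:10])
        if version != 4:
            return (2, 1)                      # Unsupported Version Number
        if expected_peer_as is not None and my_as != expected_peer_as:
            return (2, 2)                      # Bad Peer AS
        if hold in (1, 2):
            return (2, 6)                      # Unacceptable Hold Time
        if opt_len != len(body) - 10:
            return (2, 0)                      # Unspecific: declared length disagrees
        i = 10
        while i < len(body):                   # each parameter: type, length, value
            if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
                return (2, 0)
            i += 2 + body[i + 1]
    elif mtype == UPDATE:
        (withdrawn_len,) = struct.unpack_from("!H", body, 0)
        if 2 + withdrawn_len + 2 > len(body):
            return (3, 1)                      # Malformed Attribute List
        (attr_len,) = struct.unpack_from("!H", body, 2 + withdrawn_len)
        if 23 + withdrawn_len + attr_len > length:
            return (3, 1)
    return None

def build(mtype, body):
    """Constructed sample framing for the demo: all-ones marker, correct length."""
    return b"\xff" * 16 + struct.pack("!HB", HEADER_LEN + len(body), mtype) + body

if __name__ == "__main__":
    good_open = build(OPEN, struct.pack("!BHHIB", 4, 65001, 90, 0xC0000201, 0))
    print(validate_bgp_message(good_open, expected_peer_as=65001))
    print(validate_bgp_message(build(UPDATE, b"\xff\xff\x00\x00")))
```

Every length field is checked against the bytes actually present before it is used as an offset, so a message whose declared lengths disagree with its size is answered with a NOTIFICATION rather than parsed further.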
A remote attacker can cause a denial of service in a vulnerable system. In most cases, the attacker would need to act as a valid BGP peer. BGP session instability can result in "flapping" and other routing problems that may adversely affect Internet traffic.
Apply a patch or upgrade
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Cisco Systems Inc. | Affected | - | 16 Jun 2004 |
| Extreme Networks | Affected | - | 16 Jun 2004 |
| Redback Networks Inc. | Affected | 07 May 2004 | 21 Jun 2004 |
| Apple Computer Inc. | Not Affected | 15 Jun 2004 | 16 Jun 2004 |
| Avici Systems Inc. | Not Affected | 06 May 2004 | 23 Jun 2004 |
| Check Point | Not Affected | - | 16 Jun 2004 |
| Chiaro Networks | Not Affected | - | 03 Jun 2004 |
| Juniper Networks | Not Affected | 07 May 2004 | 16 Jun 2004 |
| Network Appliance | Not Affected | 07 May 2004 | 28 Jun 2004 |
| NextHop | Not Affected | 08 Jun 2004 | 23 Jun 2004 |
| Riverstone Networks | Not Affected | 07 May 2004 | 21 Jun 2004 |
| 3Com | Unknown | 06 May 2004 | 22 Jun 2004 |
| Alcatel | Unknown | 06 May 2004 | 22 Jun 2004 |
| AT&T | Unknown | - | 16 Jun 2004 |
| Avaya | Unknown | - | 16 Jun 2004 |
These vulnerabilities were reported as a result of research done by Cisco. Thanks to Cisco for sharing this research and helping to coordinate the disclosure of information about these vulnerabilities.
This document was written by Art Manion.
- CVE IDs: CAN-2004-0589
- Date Public: 16 Jun 2004
- Date First Published: 16 Jun 2004
- Date Last Updated: 28 Jun 2004
- Severity Metric: 8.60
- Document Revision: 39