Saturday, August 28, 2010

BGP Vulnerability Found In IOS-XR

Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session.

Affected devices running Cisco IOS XR Software corrupt the unrecognized attribute before sending to neighboring devices, but neighboring devices may be running operating systems other than Cisco IOS XR Software and may still reset the BGP peering session after receiving the corrupted update. This is per standards defining the operation of BGP.

Cisco developed a fix that addresses this vulnerability and will be releasing free software maintenance upgrades (SMU) progressively starting 28 August 2010. This advisory will be updated accordingly as fixes become available.

Source Cisco

People who read this post also read :



2 comments:

Nicolas said...

Hmmm.... Something very similar happened one year ago, lots of sessions going down due to a IOS XR bug:

http://www.cisco.com/warp/public/707/cisco-sa-20090818-bgp.shtml

Shivlu Jain said...

truly said.