Vigil@nce: Cisco IOS XR, denials of service via BGP
August 2009 by Vigil@nce
A peer can send malicious BGP messages in order to generate a
denial of service on Cisco IOS XR.
Severity: 2/4
Consequences: denial of service of service
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 19/08/2009
Revision date: 20/08/2009
IMPACTED PRODUCTS
– Cisco IOS XR
DESCRIPTION OF THE VULNERABILITY
Three denials of service were announced in Cisco IOS XR.
When Cisco IOS XR receives a prefix with an invalid attribute, it
closes the session over which the update was received. [grav:2/4;
BID-36063, CSCtb42995, CVE-2009-2055]
When the BGP process sends an update message containing numerous
ASN (Autonomous System Number), it stops. [grav:1/4; BID-36092,
CSCtb05382, CVE-2009-1154]
When the BGP process prepends numerous ASN (Autonomous System
Number) in a path, it stops. [grav:1/4; BID-36093, CSCtb12726,
CVE-2009-2056]
A peer can therefore send malicious BGP messages in order to
generate a denial of service on Cisco IOS XR.
CHARACTERISTICS
Identifiers: 110825, BID-36063, BID-36092, BID-36093,
cisco-sa-20090818-bgp, CSCtb05382, CSCtb12726, CSCtb18562,
CSCtb42995, CVE-2009-1154, CVE-2009-2055, CVE-2009-2056,
VIGILANCE-VUL-8956
http://vigilance.fr/vulnerability/Cisco-IOS-XR-denials-of-service-via-BGP-8956