Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: OpenBSD, denial of service of bgpd

February 2009 by

SYNTHESIS OF THE VULNERABILITY

An attacker can send a BGP message with a long AS path, in order
to stop the bgpd daemon.

Gravity: 2/4

Consequences: denial of service of service

Provenance: internet client

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 19/02/2009

IMPACTED PRODUCTS

 OpenBSD

DESCRIPTION OF THE VULNERABILITY

The BGP protocol is used to maintain routes on a large IP network.
Each provider network has an ASN (Autonomous System Number), and
BGP establishes the list of paths which can be taken to reach
another AS. For example, to reach the AS 5:
 path a: AS 1, AS 2, AS 3, AS 5
 path b: AS 1, AS 4, AS 5 (shorter, and thus better)

The as_path attribute of a BGP packet indicates the list of ASN
already traversed.

When the bgpd daemon of OpenBSD receives a packet, it thus have to
complete the as_path attribute. In order to do so, the
aspath_prepend() function of the usr.sbin/bgpd/rde_attr.c file
computes the required size. However, when the number of ASN in a
path exceeds 255, the size is truncated, which creates an error
and stops the daemon.

An attacker can therefore send a BGP message with a long AS path,
in order to stop the bgpd daemon.

CHARACTERISTICS

Identifiers: BID-33828, VIGILANCE-VUL-8483

http://vigilance.fr/vulnerability/OpenBSD-denial-of-service-of-bgpd-8483


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts