List:       oss-security
Subject:    Re: [oss-security] CVE Request: BGP protocol vulnerability
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2010-08-31 21:42:27
Message-ID: Pine.GSO.4.64.1008311734300.3520 () faron ! mitre ! org


On Sat, 28 Aug 2010, Kurt Seifried wrote:

>> The BGP protocol and its various extensions require that BGP peering
>> sessions are terminated when a peer receives a BGP update message
>> which it considers semantically incorrect, leading to a persistent
>> denial-of-service condition if the update is received again after the
>> terminated session is reestablished.
>>
>> (This is not something new at all---we just need to get up, treat it
>> as a vulnerability, and fix it.)
>
> This sounds like CVE-2010-3035
> http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml

The way Cisco has written up this CVE, they are clearly focusing on the 
generation of corrupted attributes, not a protocol problem.  So, I'd want 
a separate CVE for the general BGP design issue.

> or are you talking about another BGP issue? (but in the same "family"
> as CVE-2009-2055 and CVE-2010-3035).

I can't quite tell the difference between CVE-2009-2055 and what Florian 
is requesting a CVE for.  In CVE-2009-2055, Cisco seems to be implying 
that it's a problem in XR, not the design of the whole protocol - but it's 
not immediately clear if they even "fixed" it.  The issue at hand is 
whether we need a new CVE or a rewrite for the old CVE-2009-2055.

- Steve