jim_duffy
Managing Editor

BGP vulnerabilities in Cisco IOS

Analysis
Aug 3, 20092 mins

Company issues security advisory for 4-byte AS numbers

Cisco last week issued — and today updated — a security advisory for its IOS software. The vulnerability has to do with 4-byte Autonomous System numbers in BGP updates.

Cisco IOS software supporting IETF RFC 4893 for four octet AS number spaces in BGP are susceptible to denial of service attacks when handling BGP updates. There are two DoS vulnerabilities in the software, according to the advisory:

The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems.

The second vulnerability could cause an affected device to reload when the affected device processes a malformed BGP update that has been crafted to trigger the issue.

Cisco says it released free software updates to address these vulnerabilities. There are no workarounds available for the first vulnerability but there is one for the second.

More from Cisco Subnet:  
  • Can Cisco benefit from Avaya/Nortel deal?
  • Move to FCoE expected to favor Cisco, NetApp
  • Alcatel-Lucent follows Juniper with 100G Ethernet; where’s Cisco?
  • Juniper tries to pound spike into Cisco’s heart
  • Password Cracking with CUDA
  • Cisco Releases substantial update to its Enterprise Security Management Platform
  • NANOG46 and Cisco Live had Significant Focus on IPv6
Win training and books from Cisco SubnetCisco Alert newsletter. Like RSS readers? Subscribe to the Cisco Subnet RSS feed

Like e-mail? Subscribe to the

Follow Cisco Subnet on Twitter.