Multiple Vendors Malformed BGP 'UPDATE' Message Remote Denial of Service Vulnerability

Multiple vendors' BGP implementations are prone to a remote denial-of-service vulnerability that arises when the software handles specially crafted BGP packets.

NOTE: This issue is related to the vulnerability discussed in BID 26869 (Juniper Networks JUNOS Malformed BGP Remote Denial of Service Vulnerability). It has been assigned its own record because details regarding what technologies are vulnerable and how the various vendors have implemented BGP are not currently available. As more information emerges, we will create individual records to further document the vulnerability for the various vulnerable technologies.

AlaxalA Networks AX series and Hitachi GR series are reported vulnerable to this issue. Unspecified technologies from Avici Systems, Inc., Century Systems Inc., and Yamaha Corporation are also reported vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus