CVE-2017-15865: Malformed BGP UPDATE Triggers Information Disclosure

Follow

Note: This issue was announced on the Cumulus Networks security announcement mailing list on November 6, 2017.

An issue has been found in the FRRouting bgpd daemon (CVE-2017-15865). This issue has been fixed in Cumulus Linux 3.4.3, and patched upstream in all FRR versions (2.0, 3.0).

If a connected BGP peer sends a malformed BGP UPDATE packet to bgpd, bgpd may return up to 4075 bytes of data that should not have been sent to the requestor. The extra data sent may contain sensitive information.

There is no known denial of service, however there is a theoretical possibility of a bgpd crash. In those cases, bgpd would normally be restarted automatically by the watchfrr daemon.

Have more questions? Submit a request

Comments

This support portal has moved

Cumulus Networks is now part of the NVIDIA Networking Business Unit! The NVIDIA Cumulus Global Support Services (GSS) team has merged its operations with the NVIDIA Mellanox support services team.

You can access NVIDIA Cumulus support content from the Mellanox support portal.

You open and update new cases on the Mellanox support portal. Any previous cases that have been closed have been migrated to the Mellanox support portal.

Cases that are still open on the Cumulus portal will continue to be managed on the Cumulus portal. Once these cases close, they will be moved to the Mellanox support portal.

Powered by Zendesk