4.3 - cisco-sa-20090818-bgp

Cisco IOS XR Software contains multiple vulnerabilities in the Border Gateway Protocol (BGP) feature. These vulnerabilities include:

* Cisco IOS XR Software will reset a BGP peering session when receiving a specific invalid BGP update. The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap until the sender stops sending the invalid/corrupt update. This vulnerability was disclosed in revision 1.0 of this advisory.

* Cisco IOS XR BGP process will crash when sending a long length BGP update message When Cisco IOS XR sends a long length BGP update message, the BGP process may crash. The number of AS numbers required to exceed the total/maximum length of update message and cause the crash are well above normal limits seen within production environments.

* Cisco IOS XR BGP process will crash when constructing a BGP update with a large number of AS prepends If the Cisco IOS XR BGP process is configured to prepend a very large number of Autonomous System (AS) Numbers to the AS path, the BGP process will crash. The number of AS numbers required to be prepended and cause the crash are well above normal limits seen within production environments.

All three vulnerabilities are different vulnerabilities from what was disclosed in the Cisco Security Advisory "Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities" on the 2009 July 29 1600 UTC at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml.

Cisco has released a free software maintenance upgrade (SMU) that addresses these vulnerabilities.

Workarounds that mitigates these vulnerabilities are available.