Security Vulnerabilities in the GNU Zebra and Quagga BGP Routing Daemon May Allow for Denial of Service

Category: Security
Release Phase: Resolved
Bug Id: 6607647, 6554276
Product: Solaris 10 Operating System
Date of Resolved Release: 08-Apr-2008
1. Impact
Multiple security vulnerabilities in the Quagga and GNU Zebra routing
software shipped with Solaris 10 may allow a remote unprivileged user,
connecting from an untrusted remote BGP peer, to cause a Denial of
Service (DoS) to the BGP daemon.
These issues are described in the following documents:
2. Contributing Factors
These issues can occur in the following releases:
SPARC Platform:
x86 Platform:
These issues affect only users who have enabled the BGP routing
protocol AND have configured BGP sessions with untrusted, remote BGP
peers. These issues apply equally to the 'GNU Zebra' BGP daemon and its
successor, 'Quagga'.
In such cases, it is possible for the remote peer to send certain
malformed BGP packets which will cause the BGP daemon to fail an
internal assertion and exit. Because the whole daemon exits, every BGP
session it holds is torn down, not just the session to the peer that
sent the malformed packet, disrupting or even disabling BGP service.
To determine if the BGP daemon is running, use the 'pgrep -l bgpd'
command:
$ pgrep -l bgpd
169570 bgpd
On a Solaris 10 system which has patch 126206-02 (SPARC) or 126207-02
(x86) or later applied, or on a Solaris 10 8/07 system, SMF can be
queried:
$ svcs network/routing/bgp:quagga
STATE          STIME    FMRI
online         Mar_18   svc:/network/routing/bgp:quagga
3. Symptoms
There are no predictable symptoms that would indicate the described
issues have occurred.
4. Workaround
To work around the described issues until a patch can be applied,
disable sessions to untrusted BGP peers. This can be done by
configuring each such BGP peer/neighbor (or the peer-group it belongs
to) as 'shutdown' in the bgpd configuration file, or via the bgpd
telnet (vty) interface, if that interface is enabled:
router bgp 65512
 neighbor <neighbor IP or peer-group> shutdown
Alternatively, on Solaris 10 8/07 and Solaris 10 systems with patch
126206-02 (SPARC) or 126207-02 (x86) or later applied, the BGP service
can be disabled entirely via SMF:
# svcadm disable network/routing/bgp:quagga
On other Solaris 10 systems, the BGP daemon can be disabled with the
following command:
# /usr/sfw/sbin/bgpdstop
Note that disabling the daemon drops all BGP sessions, including those
to trusted peers; the per-neighbor 'shutdown' keeps trusted sessions
up and is the narrower of the two workarounds.
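The per-neighbor workaround is only as good as the operator's list of which peers are still live. The script below, added here as an illustration and not part of the Sun Alert or the Quagga project, audits a bgpd.conf for neighbors that lack a 'shutdown' statement and then emits the 'neighbor ... shutdown' fragment for the peers the operator names as untrusted, ready to paste into the config file or the vty. The configuration text is a constructed sample; the parsing assumes every 'neighbor <X> ...' line defines neighbor X (an IP or a peer-group name) and does not handle address-family sub-blocks or 'no neighbor' lines.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): audit a Quagga/GNU Zebra bgpd.conf
# for neighbors that are not administratively shut down, then emit the
# 'neighbor <peer> shutdown' fragment the workaround calls for, restricted
# to the peers the operator names as untrusted.
#
# Assumptions: the config below is a constructed sample; every
# 'neighbor <X> ...' line is taken to define neighbor X (IP or peer-group),
# and 'neighbor <X> shutdown' marks it as already shut. Address-family
# sub-blocks and 'no neighbor ...' lines are not handled.

SAMPLE_BGPD_CONF='hostname bgpd
password zebra
!
router bgp 65512
 bgp router-id 192.0.2.1
 neighbor 192.0.2.2 remote-as 65512
 neighbor 192.0.2.2 description internal-ibgp
 neighbor 198.51.100.7 remote-as 64500
 neighbor 198.51.100.7 description transit-untrusted
 neighbor 203.0.113.9 remote-as 64501
 neighbor 203.0.113.9 shutdown
 neighbor UPSTREAMS peer-group
 neighbor UPSTREAMS remote-as 64502
 neighbor 203.0.113.20 peer-group UPSTREAMS
!
line vty
'

# Print the local AS number from the "router bgp <asn>" line.
local_asn() {
    printf '%s\n' "$1" | awk '$1 == "router" && $2 == "bgp" { print $3; exit }'
}

# Print, one per line and sorted, every neighbor (IP or peer-group name)
# referenced in the config that has no 'shutdown' statement: these are
# the sessions bgpd will still bring up.
active_neighbors() {
    printf '%s\n' "$1" | awk '
        $1 == "neighbor" {
            seen[$2] = 1
            if ($3 == "shutdown") shut[$2] = 1
        }
        END { for (n in seen) if (!(n in shut)) print n }
    ' | LC_ALL=C sort
}

# Usage: shutdown_fragment "<config text>" <untrusted peer>...
# Emit a config fragment that shuts down the named peers. Peers that are
# already shut down, or not defined at all, are skipped with a note on
# stderr so typos are noticed before the fragment is pasted into the vty.
shutdown_fragment() {
    conf=$1
    shift
    active=$(active_neighbors "$conf")
    printf 'router bgp %s\n' "$(local_asn "$conf")"
    for peer in "$@"; do
        if printf '%s\n' "$active" | grep -qxF -- "$peer"; then
            printf ' neighbor %s shutdown\n' "$peer"
        else
            printf 'note: %s is not an active neighbor, skipping\n' "$peer" >&2
        fi
    done
}

# Stand-alone run: shut the peers this operator considers untrusted.
# Shutting a peer-group (UPSTREAMS) shuts every member of the group.
shutdown_fragment "$SAMPLE_BGPD_CONF" 198.51.100.7 UPSTREAMS
```

Run it against a copy of /etc/quagga/bgpd.conf (or the running config saved from the vty) by replacing the sample text; the fragment it prints is the same form as the 'neighbor <neighbor IP or peer-group> shutdown' lines above, and the stderr notes catch a peer that was already shut down or mistyped.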
5. Resolution
These issues are addressed in the following releases:
SPARC Platform:
x86 Platform:
For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
This Sun Alert notification is being provided to you on
an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.