Several Border Gateway Protocol flaws were discovered in Quagga routing software. What were the flaws and how did...
they affect the software? Should enterprises be concerned about BGP security?
Border Gateway Protocol (BGP) flaws in Quagga routing software enabled attackers to gain remote code execution abilities, acquire sensitive information and cause denial-of-service (DoS) issues. The affected Unix platforms include Debian GNU/Linux, SUSE Linux and Ubuntu.
The vulnerabilities are listed below in descending order of CVSS scores earned.
The most critical vulnerability among the BGP flaws is CVE-2018-5379, which has a CVSS score of 9.0. The Quagga BGP daemon (BGPD) can double free memory when processing certain forms of update message, containing cluster-list or unknown attributes. A successful exploitation of this flaw enables attackers to execute remote code and caused DoS issues.
Next is CVE-2018-5381 with a score of 7.5. This vulnerability leads the BGPD process into an endless loop, which eventually stops responding due to DoS issues. This flaw's ratings on integrity and confidentiality of the data are not provided.
Then, CVE-2018-5378 has a score of 5.9. With this vulnerability, the BGPD process doesn't properly restrict operations within the bounds of a memory buffer. An arbitrary length with an invalid attribute length is sent over the network to a peer or causes the BGPD process to crash. The rating of this risk is low in terms of confidentiality.
Last is CVE-2018-5380 with a score of 4.3. This flaw enables an out of bounds read bug in the BGPD process to overrun internal BGP code-to-string conversion tables by the value of one point. Unlike the other three vulnerabilities, the impact of this flaw on availability is low, while its ratings for integrity and confidentiality are not provided.
Enterprises should be concerned about BGP flaws on the affected Unix platforms running the Quagga BGP daemon prior to version 1.2.3, as an authenticated attacker can gain full control of the affected BGPD process, maliciously modify the routes and take over the routing service to transfer data between autonomous systems.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments
Related Q&A from Judith Myerson
Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power ... Continue Reading
Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. ... Continue Reading
A QR code vulnerability was recently discovered in the Apple iOS 11 camera app. Learn how an attacker could exploit it and how to avoid the issue ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.