Several Border Gateway Protocol flaws were discovered in Quagga routing software. What were the flaws and how did they affect the software? Should enterprises be concerned about BGP security?
Border Gateway Protocol (BGP) flaws in Quagga routing software enabled attackers to gain remote code execution abilities, acquire sensitive information and cause denial-of-service (DoS) issues. The affected Unix platforms include Debian GNU/Linux, SUSE Linux and Ubuntu.
The vulnerabilities are listed below in descending order of CVSS score.
The most critical vulnerability among the BGP flaws is CVE-2018-5379, which has a CVSS score of 9.0. The Quagga BGP daemon (BGPD) can double free memory when processing certain forms of UPDATE message containing cluster-list or unknown attributes. Successful exploitation of this flaw enables attackers to execute remote code and cause DoS issues.
Next is CVE-2018-5381 with a score of 7.5. This vulnerability can send the BGPD process into an endless loop, after which it stops responding, resulting in a DoS condition. This flaw's ratings on integrity and confidentiality of the data are not provided.
Then, CVE-2018-5378 has a score of 5.9. With this vulnerability, the BGPD process doesn't properly restrict operations within the bounds of a memory buffer. When an attribute length is invalid, arbitrary data can be sent over the network to a peer, or the BGPD process can crash. The rating of this risk is low in terms of confidentiality.
Last is CVE-2018-5380 with a score of 4.3. This flaw is an out-of-bounds read in the BGPD process that can overrun internal BGP code-to-string conversion tables by one pointer value. Unlike the other three vulnerabilities, the impact of this flaw on availability is low, while its ratings for integrity and confidentiality are not provided.
Enterprises should be concerned about BGP flaws on the affected Unix platforms running the Quagga BGP daemon prior to version 1.2.3, as an authenticated attacker can gain full control of the affected BGPD process, maliciously modify the routes and take over the routing service to transfer data between autonomous systems.
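Two of the flaws above, the unchecked attribute length (CVE-2018-5378) and the code-to-string table overrun (CVE-2018-5380), are missing bounds checks in a parser. The C below is an added example, not Quagga's code: it walks BGP path attributes using the RFC 4271 header layout and rejects any declared length that exceeds the remaining buffer. The function names, the name table and the sample buffers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ATTR_FLAG_EXTLEN 0x10 /* RFC 4271: attribute length is 2 octets */
/* Illustrative table, index = attribute type code (RFC 4271, 1997, 4456). */
static const char *const attr_names[] = {
    "RESERVED", "ORIGIN", "AS_PATH", "NEXT_HOP", "MULTI_EXIT_DISC",
    "LOCAL_PREF", "ATOMIC_AGGREGATE", "AGGREGATOR", "COMMUNITIES",
    "ORIGINATOR_ID", "CLUSTER_LIST",
};
#define ATTR_NAMES_MAX (sizeof(attr_names) / sizeof(attr_names[0]))

/* Bounds-checked code-to-string lookup: unknown codes never index the table. */
const char *attr_name(uint8_t type)
{
    return type < ATTR_NAMES_MAX ? attr_names[type] : "UNKNOWN";
}

/* Walk path attributes in buf[0..len). Returns the attribute count, or -1
 * if a header or a declared length would run past the end of the buffer. */
int walk_path_attrs(const uint8_t *buf, size_t len)
{
    size_t off = 0, count = 0;
    while (off < len) {
        size_t hdr = (buf[off] & ATTR_FLAG_EXTLEN) ? 4 : 3;
        if (len - off < hdr)
            return -1; /* truncated header */
        size_t alen = (hdr == 4) ? ((size_t)buf[off + 2] << 8) | buf[off + 3]
                                 : buf[off + 2];
        if (alen > len - off - hdr)
            return -1; /* declared length overruns the buffer */
        printf("  %s, %zu bytes\n", attr_name(buf[off + 1]), alen);
        off += hdr + alen;
        count++;
    }
    return (int)count;
}

/* Constructed samples: ORIGIN + CLUSTER_LIST, a bad length, unknown type 200. */
static const uint8_t sample_ok[] = { 0x40, 1, 1, 0, 0x80, 10, 4, 10, 0, 0, 1 };
static const uint8_t sample_bad[] = { 0x40, 1, 1, 0, 0x80, 10, 200, 10, 0 };
static const uint8_t sample_unknown[] = { 0xC0, 200, 2, 0xAA, 0xBB };

int main(void)
{
    printf("ok: %d\n", walk_path_attrs(sample_ok, sizeof sample_ok));
    printf("bad: %d\n", walk_path_attrs(sample_bad, sizeof sample_bad));
    printf("unknown: %d\n", walk_path_attrs(sample_unknown, sizeof sample_unknown));
}
```

The length comparison is written as `alen > len - off - hdr` rather than `off + hdr + alen > len` so the check itself cannot wrap around.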
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)