WAN, Routing and Switching: BGP Vulnerability - all IOSes affected
 Replied by:
|
|
|
Replied by:
p.bevilacqua - BYTE WORKS SISTEMI SRL -
Aug 14, 2007, 12:48pm PST
Slidersv, it's a good finding. However I don't think they will consider that a vulnerability and even to be opened as a bug will require a customer with a contract complaining.
|
Rating: 3.0 (1 vote)
|
Replied by:
slidersv - Senior Systems Engineer, Alef Nula, a.s., CCIE -
Aug 16, 2007, 11:34am PST
Seems I'll have to persuade our integrator to open a TAC case then...
|
|
Replied by:
royalblues - Network Engineer, MphasiS -
Aug 16, 2007, 12:44pm PST
Thats a good finding.
I will try it on one of my routers and report it TAC as well
Narayan
|
|
Replied by:
slidersv - Senior Systems Engineer, Alef Nula, a.s., CCIE -
Aug 16, 2007, 1:31pm PST
Oops. Sorry. Didn't check the command before posting. Forgot the underline:
show ip bgp regexp (.*)(_\1)+
Also, i found that some platforms have different interpretations of ".*" in conjuncture with repetition of "\1".
In case somewhere it won't work (although so far it worked everywhere i tried), following surely will:
show ip bgp regexp ([0-9]*)(_\1)+
|
|
Replied by:
mohammedmahmoud - Noor Advanced Technology, CCIE -
Aug 16, 2007, 10:49pm PST
Hi,
I've tried both commands on one of my 7206VXR (NPE300) in the lab (having full internet routing table) and both commands did no harm, the router is running 12.2(25)S5, maybe Cisco got this fixed, you can further try it on one of the internet route servers running the same code (try this one 213.200.64.94 - TISCALI).
HTH,
Mohammed Mahmoud.
|
Rating: 4.0 (1 vote)
|
Replied by:
slidersv - Senior Systems Engineer, Alef Nula, a.s., CCIE -
Aug 17, 2007, 12:23am PST
You're right, it works on the said route-server.
I guess not all versions are affected, and i just had a string of luck with IOS/platform combinations.
This route server crashes for example:
route-server.ip.att.net
Do you know of any other route servers?
I'll add all platforms and IOSes I have tried it on to my tac request.
Here is a quick list of LAB at hand, all of which crashed by the command just now:
1.
cisco 2610 (MPC860) processor (revision 0x202)
c2600-j1s3-mz.123-20.bin
2.
Cisco 3725 (R7000) processor
c3725-entservicesk9-mz.124-1.bin
AT&T's route server is down for now, so i can't post it's HW/SW combination. I know my LAB's 7206, 2851, 2821, and 3745 all crashed.
I'll just have to write add of the HW/SW combinations to TAC
|
|
Replied by:
mohammedmahmoud - Noor Advanced Technology, CCIE -
Aug 17, 2007, 12:49am PST
Hi Pavlo,
Both crashed my lab 2821 router running c2800nm-spservicesk9-mz.124-3g.bin :)
HTH,
Mohammed Mahmoud.
|
|
Replied by:
royalblues - Network Engineer, MphasiS -
Aug 17, 2007, 1:01am PST
My 3825 crashed as well :-)
|
Rating: 3.0 (1 vote)
|
Replied by: jtantsura - Senior IP Engineer, UPC Broadband, CCIE - Aug 17, 2007, 7:28am PST
12410 12.0.32S7 didn't crash
|
Rating: 3.0 (1 vote)
|
Replied by: mlasarko - BALTIMORE COUNTY GOVERNMENT - Aug 17, 2007, 7:45am PST
Not an issue on:
2621XM w/ c2600-adventerprisek9-mz.124-10a
3845 w/ c3845-adventerprisek9-mz.124-10a
Both accept the posted commands without a problem.
~M
|
Rating: 3.0 (1 vote)
|
Replied by: dciccaro - Incident Manager, CISCO SYSTEMS, CCIE - Aug 17, 2007, 7:46am PST
Hi there. This is Dario Ciccarone from the Cisco PSIRT (Product Security Incident Response Team).
We've been notified of this issue. It looks similar to CSCsb08386 - customers experiencing the issue are suggested to open a TAC SR and provide the TAC CSE with any information available that would help troubleshoot the issue - including show tech, crashdump (if available), traceback, etc.
Any customer experiencing the issue who would be interested in a PSIRT escalation for evaluation should notify the TAC CSE of such - asking the CSE to contact PSIRT with the TAC SR number for further evaluation.
In addition to that, the Cisco PSIRT Security Vulnerability Policy is available at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html - for any customer, with our without a service contract, which might be interested in contacting us.
Thanks,
Dario
|
Rating: 4.0 (1 vote)
|
Replied by:
slidersv - Senior Systems Engineer, Alef Nula, a.s., CCIE -
Aug 17, 2007, 8:56am PST
Thank you Dario. I didn't know about PSIRT at all - not much into security (More of a BGP/QoS/VAservices). And thanks to all for input and eventually reporting the problem. I'd like to see this issue fixed.
For info, here are some other HW/SW combinations that crash:
1. cisco 7206VXR (NPE-G1) processor (revision B) with 491520K/32768K bytes of memory.
(C7200-JK9O3S-M), Version 12.3(21)
2. cisco 7206VXR (NPE400) processor (revision A) with 491520K/32768K bytes of memory.
(C7200-JS-M), Version 12.2(18)S12
3. Cisco 2851 (revision 53.51) with 249856K/12288K bytes of memory.
(C2800NM-ENTSERVICESK9-M), Version 12.3(14)T7
I'm tempted to test it on production 7206 with 12.3 T-train since we are dual homed, but I am too responsible for that... Besides, it's NPE-G1, which I know crashes, and 2851 with T-train crashes as well.
|
|
Replied by: hdommath@ford.com - Senior Network Engineer, Ford, CCIE - Aug 21, 2007, 8:56am PST
I tested with 12.2.23f as well, but could not simulate.
|
|
Replied by: jmla8900 - The Creepy Network Guy, - Sep 15, 2007, 5:49pm PST
I tried it on some of my lab stuff running 12.3 and it was affected, but my old 12.2 enterprise stuff ran it just fine without blowing up. Odd that it affects the newer stuff and not the old.
|
|
Replied by: carl.gruber - Charter Communications - Sep 17, 2007, 4:48am PST
3550 running 12.2(37)SE died when running the reg exp as 'show running-config | include'.
|
|
| Return To Top | < Previous Conversation | Next Conversation > |