BGP implementations do not adequately handle malformed BGP OPEN and UPDATE messages

Overview

Multiple implementations of the Border Gateway Protocol (BGP) contain vulnerabilities related to the processing of UPDATE and OPEN messages. The impacts of these vulnerabilities appear to be limited to denial of service.

Description

BGP (RFC 1771) is designed to exchange network reachability information between peer nodes. Information advertised by a BGP system to its peers includes timers, metrics, and paths to different Autonomous System (AS) networks. Routing between AS networks depends on BGP, and the Internet is a network of AS networks. Therefore, vulnerabilities in BGP have the potential to affect the Internet infrastructure.

Multiple BGP implementations contain vulnerabilities handling exceptional OPEN and UPDATE messages. While the details of the individual vulnerabilities are different, the impacts appear to be limited to denial of service. In addition, most BGP implementations do not accept messages from arbitrary sources. Some BGP implementations only accept TCP connections (179/tcp) from properly configured peers, and some implementations require a valid AS number in the BGP message data. To deliver malicious messages to such systems, an attacker would need to spoof a TCP connection or have access to a trusted BGP peer. The attacker may also need to know a valid AS number.

For information about specific BGP implementations, please see the Systems Affected section below.

---

Impact

A remote attacker can cause a denial of service in a vulnerable system. In most cases, the attacker would need to act as a valid BGP peer. BGP session instability can result in “flapping” and other routing problems that may adversely affect Internet traffic.

---

Solution

Apply a patch or upgrade
Apply a patch or upgrade as specified by your vendor.

---

Restrict BGP access

Using access control lists (ACLs) and BGP configuration settings, restrict access to valid networks and BGP peers.

Authenticate BGP messages

TCP MD5 (RFC 2385), IPsec, and S-BGP provide cryptographic authentication of network connections and/or BGP messages. Various performance and key distribution issues are associated with these authentication methods.

Use out-of-band management channels

When possible, use an out-of-band channel, such as a separate network, to transmit BGP other management traffic.

---

Vendor Information

784540

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Cisco Systems Inc. __ Affected

Updated: June 16, 2004

Status

Affected

Vendor Statement

Cisco may have products which are vulnerable to this issue. Cisco’s response is now published at <http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Extreme Networks __ Affected

Updated: June 16, 2004

Status

Affected

Vendor Statement

Found one vulnerability in Extreme switch products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Redback Networks Inc. __ Affected

Notified: May 07, 2004 Updated: June 21, 2004

Status

Affected

Vendor Statement

1. SmartEdge family of products is not vulnerable.

2. SMS Family of products is vulnerable in one case.

Mitigation: While there is no way a network operator can completely defend against various vulnerabilities and hacker attacks, Redback Networks products already implement many mechanisms to guard against such attacks.

SMS has the following features, which make the system more secure:

* MD5 authentication for BGP
* IP source address validation

Vulnerability Resolution: While there is no way a network operator can completely defend against these types of vulnerabilities, Redback has also incorporated additional modifications within the BGP Protocol that provides more favorable connectivity capable of avoiding the above adverse condition.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Apple Computer Inc. __ Not Affected

Notified: June 15, 2004 Updated: June 16, 2004

Status

Not Affected

Vendor Statement

Apple: Apple products are not affected by the issue reported in Vulnerability Note VU#784540.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Avici Systems Inc. __ Not Affected

Notified: May 06, 2004 Updated: June 23, 2004

Status

Not Affected

Vendor Statement

We have taken the time to analyze the issue and have verified that the Avici product line:

(1) suffers no ill effect when we receive a BGP message as per your
instructions

(2) put a descriptive message in our log when this condition occurs.

The message is as follows:

INFORMATION:bgp-updates:BGP peer <ip_address of peer> (External AS
<AS number>): Open message arrived with length 19

The message is then dropped with no ill effect on any Avici product.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Check Point __ Not Affected

Updated: June 16, 2004

Status

Not Affected

Vendor Statement

Check Point does not use gated in any products, and is not vulnerable. It is possible that some Check Point partners may use gated or a derivative on their appliance platforms, but we are not aware of any (and did not distribute this advisory beyond Check Point).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Chiaro Networks __ Not Affected

Updated: June 03, 2004

Status

Not Affected

Vendor Statement

Chiaro Networks, Inc. has extensively tested the Enstara IP/MPLS platform for vulnerabilities identified in CERT/CC VU#784540 (BGP vulnerabilities discovered by Cisco test suite), and no vulnerabilities have been identified.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Juniper Networks __ Not Affected

Notified: May 07, 2004 Updated: June 16, 2004

Status

Not Affected

Vendor Statement

Juniper Networks has tested all of its implementations of the BGP protocol using the tools supplied by CERT/CC. None of the tests results in any anomalous behavior. Therefore, our products are not susceptible to these vulnerabilities.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Network Appliance __ Not Affected

Notified: May 07, 2004 Updated: June 28, 2004

Status

Not Affected

Vendor Statement

6/25/04

Network Appliance does not ship any products that incorporate BGP routing code, and therefore no NetApp products are vulnerable to CERT VU784540.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

NextHop __ Not Affected

Notified: June 08, 2004 Updated: June 23, 2004

Status

Not Affected

Vendor Statement

NextHop Technologies has extensively tested its BGP implementation in GateD NGC 2.2 with the tools provided by CERT, and the tests do not result in any anomalous behavior. The latest version of GateD from NextHop Technologies is not susceptible to the vulnerabilities described in this vulnerability report.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Riverstone Networks __ Not Affected

Notified: May 07, 2004 Updated: June 21, 2004

Status

Not Affected

Vendor Statement

Riverstone Networks has run the test suite against its routers. All test cases were handled without failure, and thus Riverstone Networks routers are not vulnerable to this test suite.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

3Com Unknown

Notified: May 06, 2004 Updated: June 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

AT&T Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Alcatel Unknown

Notified: May 06, 2004 Updated: June 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Avaya Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Charlotte’s Web Networks Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Conectiva Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Cray Inc. Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

D-Link Systems Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Data Connection Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Debian Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

EMC Corporation Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

F5 Networks Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Foundry Networks Inc. __ Unknown

Updated: June 21, 2004

Status

Unknown

Vendor Statement

Foundry Networks is currently investigating this vulnerability. Foundry have reviewed and understood the vulnerability and have tested its latest shipping code v07.6.05g (as of June 16, 2004) against the vulnerability. This version of code is NOT vulnerable to the BGP flaw stated in VU#784540.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

FreeBSD Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Fujitsu Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Guardian Digital Inc. Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Hewlett-Packard Company Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Hitachi __ Unknown

Notified: May 06, 2004 Updated: June 16, 2004

Status

Unknown

Vendor Statement

Hitachi GR4000/GS4000/GS3000 are NOT Vulnerable to this issue. Hitachi is investigating the potential impact to GR2000 gigabit router. As further information becomes available Hitachi will provide notice of the information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Hyperchip Unknown

Updated: June 08, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

IBM Unknown

Notified: May 07, 2004 Updated: June 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Ingrian Networks Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Intel Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Lucent Technologies Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

MandrakeSoft Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

MontaVista Software Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Multi-Tech Systems Inc. Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

NEC Corporation Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

NetScreen Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Nokia Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Nortel Networks Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Novell Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Openwall GNU/*/Linux Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Red Hat Inc. Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

SCO Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

SGI Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Sony Corporation Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

SuSE Inc. Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Sun Microsystems Inc. Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

TurboLinux Unknown

Updated: June 17, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Unisys Unknown

Notified: June 15, 2004 Updated: June 22, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

Wind River Systems Inc. Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

ZyXEL Unknown

Updated: June 16, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23784540 Feedback>).

View all 53 vendors __View less vendors __

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.ietf.org/rfc/rfc1771.txt&gt;
• <http://www.ietf.org/internet-drafts/draft-ietf-idr-bgp4-experience-protocol-04.txt&gt;
• <http://www.ietf.org/rfc/rfc2385.txt&gt;
• <http://www.net-tech.bbn.com/sbgp/draft-clynn-s-bgp-protocol-01.txt&gt;
• <http://www.nanog.org/mtg-0306/pdf/franz.pdf&gt;
• <http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml&gt;

Acknowledgements

These vulnerabilities were reported as a result of research done by Cisco. Thanks to Cisco for sharing this research and helping to coordinate the disclosure of information about these vulnerabilities.

This document was written by Art Manion.

Other Information

CVE IDs:	CVE-2004-0589
Severity Metric:	8.60 Date Public: