OpenBSD patches DoS vulnerability in the BGP daemon
It seems that the internet snarl-up at the start of this week, caused by an incorrectly configured Czech BGP (border gateway protocol) router, didn't only affect routers with an elderly version of software. Current OpenBSD systems also had problems dealing with over-long AS (autonomous system) paths: an error in the BGP daemon in the aspath_prepend() function caused it to crash when adding its own AS to an over lengthy one.
The developers say OpenBSD 4.3 and 4.4 are affected, and have prepared appropriate patches for 4.4 and 4.3 (these links are to direct patch downloads).
On Monday this week, a Czech BGP router had sent over-long routing paths (AS long paths containing more than 255 entries) to the global routing table. Several other routers had problems processing them, so there was a loss of performance. It has long been known that the software in some routers has difficulty handling over-long paths, so this problem was not totally unexpected.
See also:
(trk)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
