SB2017112944 - Information disclosure in FRRouting
Published: November 29, 2017 Updated: September 26, 2024
Security Bulletin ID
SB2017112944
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2017-15865)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when handling attribute length in BPG packets. A remote attacker can send a malformed BGP UPDATE packet from a connected peer and trigger transmission of up to a few thousand unintended bytes.
Remediation
Install update from vendor's website.
References
- https://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2017-November/000009.html
- https://support.cumulusnetworks.com/hc/en-us/articles/115014754307#rn690
- https://support.cumulusnetworks.com/hc/en-us/articles/115014778107-CVE-2017-15865-Malformed-BGP-UPDATE-Triggers-Information-Disclosure