Cisco IOS Malformed BGP Packet Causes Reload - Cisco Systems
Medium Nessus Plugin ID 48975
SynopsisThe remote device is missing a vendor-supplied security patch
DescriptionA Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
Cisco has made free software available to address this problem.
SolutionApply the relevant patch referenced in Cisco Security Advisory cisco-sa-20040616-bgp.