[c-nsp] About the posting entitled "Heads up: "sh ip bgp regexp" crashing router"

Dario Ciccarone (dciccaro) dciccaro at cisco.com
Fri Aug 17 12:59:47 EDT 2007


	Hi there. This is Dario Ciccarone from the Cisco PSIRT (Product
Security Incident Response Team).

	This is in response to the post entitled "Heads up: "sh ip bgp
regexp" crashing router". Based on the available information,
this issue looks similar to the Cisco bug ID CSCsb08386. For
those without access to the Cisco Bug Toolkit, here's the
Release Note for said bug:


	Symptoms: A router crashes when you enter the show ip bgp
regexp command.

	Conditions: This symptom is observed on a Cisco router when BGP
is being updated.

	Workaround: Enable the new deterministic regular expression
engine by entering the bgp regexp deterministic command and then
enter the show ip regexp command. Note that enabling the 
new deterministic regular expression engine may impact the
performance speed of the router.


	It has to be noted that in order to execute a "show ip bgp
regexp" command, a user has to have valid credentials to the
device in question. We have reports of some publicly available
BGP looking glasses (which, as we all know, don't require
credentials to login) being crashed due to this issue. Customers
are suggested to deploy the workaround - but please note the
workaround, as stated on the release note, might impact the
router performance. Or deploy one of the fixed IOS versions
listed on the aforementioned bug.

	In addition to that, any customer which might open a TAC SR for
this issue is encouraged to attach the following information to
the case:

    * show tech from the device in question
    * crashinfo file (if available)
    * traceback

	That would help us diagnose and troubleshoot the issue further.
At the same time, customers opening a TAC SR for this issue are
encouraged to request that the TAC CSE contact the Cisco PSIRT
with this information for evaluation.

	Once again: this issue looks similar to CSCsb08386 - but
without a TAC SR and the previously requested information, it is
impossible for us to diagnose and troubleshoot the issue further
and decide if it is the same issue or a new one.

	The Cisco PSIRT Security Vulnerability Policy is available at
ty_policy.html - for any customer, with or without a service
contract, which might be interested in contacting us.


Dario Ciccarone <dciccaro at cisco.com>
Incident Manager - CCIE #10395 
Product Security Incident Response Team (PSIRT)
Cisco Systems, Inc.
PGP Key ID: 0xBA1AE0F0
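
As an added example (not part of the original post and not Cisco code): a Python check that scans saved running-configs for `router bgp` stanzas lacking the `bgp regexp deterministic` workaround named in the release note above. It assumes the command is stored as a subcommand under `router bgp`; the hostnames, AS numbers and config text are constructed sample data.

```python
import re

# Constructed sample running-configs; hostnames, ASNs and peers are made up.
SAMPLE_CONFIGS = {
    "lg1.example.net": (
        "hostname lg1\n!\nrouter bgp 64512\n no synchronization\n"
        " neighbor 192.0.2.1 remote-as 64513\n!\nline vty 0 4\n"
    ),
    "edge2.example.net": (
        "hostname edge2\n!\nrouter bgp 64512\n bgp regexp deterministic\n"
        " neighbor 192.0.2.9 remote-as 64514\n!\n"
    ),
    "sw3.example.net": "hostname sw3\n!\ninterface Vlan1\n!\n",
}

WORKAROUND = "bgp regexp deterministic"  # command named in the release note


def bgp_stanzas(config):
    """Yield (asn, subcommands) for each 'router bgp' stanza in an IOS config."""
    asn, body = None, []
    for line in config.splitlines():
        start = re.match(r"router bgp (\S+)\s*$", line)
        if start or (asn is not None and not line.startswith(" ")):
            if asn is not None:
                yield asn, body  # an unindented line closes the stanza
            asn, body = (start.group(1), []) if start else (None, [])
        elif asn is not None:
            body.append(line.strip())
    if asn is not None:
        yield asn, body


def audit(configs):
    """Map each host to 'no-bgp', 'workaround-present' or 'workaround-missing'."""
    report = {}
    for host, config in configs.items():
        stanzas = list(bgp_stanzas(config))
        if not stanzas:
            report[host] = "no-bgp"
        elif all(WORKAROUND in body for _, body in stanzas):
            report[host] = "workaround-present"
        else:
            report[host] = "workaround-missing"
    return report


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_CONFIGS).items()):
        print(f"{host}: {status}")
```

Hosts reported as `workaround-missing` are the ones to review for the workaround or a fixed IOS version, with looking glasses first.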
