[nsp-sec] mpls MFI dos
Ilker Temir
itemir at cisco.com
Thu Sep 25 11:56:32 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris,
For vulnerabilities that may impact multiple vendors (i.e. a generic
protocol issue), our practice is to work with third-party coordination
centers such as CERT/CC or CPNI to manage a coordinated industry
disclosure. Our policy is available at the following link:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Regarding this specific vulnerability, if we have any reason to believe
that it can affect other vendors, we will not hesitate to do a
coordinated disclosure.
Thanks,
Ilker
Chris Morrow wrote:
>
>
> On Thu, 25 Sep 2008, Ilker Temir wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>> On Wed, 24 Sep 2008, Ilker Temir wrote:
>>>
>>>> ----------- nsp-security Confidential --------
>>>>
>>> Don, All,
>>>
>>> As you can appreciate we cannot share the exact details of the offending
>>> packet. But I can confirm that the trigger is a malformed MPLS packet.
>>> Such packets need to be crafted specifically. This issue will not be
>>> triggered by normal/legitimate MPLS packets.
>>>
>>> Hope this answers your question.
>>>
>>>> sure.. what about corrupted packets leaving an interface though? so, is
>>>> this a controlplane packet? (rsvp/ldp or even mpbgp?) or is this a
>>>> labelled data packet?
>>
>> It can't be triggered by control plane packets. Trigger is a malformed
>> labeled packet.
>
> great, and the details have been shared with Juniper/blah so in the case
> that they mishandle packets in the same way we'd get notifications from
> their PSIRT equivalents as well?
>
> -Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkjbtLAACgkQ8/wE0ppYtwVFdwCfVkY6XuFHIrFYr5KmM4MEs3oM
hjMAoO9LhUJVeEAlvVBFm7TTk0hjY8eF
=4Elc
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list