Package: quagga-bgpd Version: 1.1.1-3 Severity: important Tags: security upstream
Dear Maintainer,
there is a longstanding bug in quagga where certain BGP update messages
cause a quagga bgpd to drop a session, possibly resulting in loss of
network connectivity.
Details:
Long paths in update messages are segmented in BGP, and the bug is in
the recalculation of the framing information if there are more than two
segments. The resulting data is invalid but will will be used for
redistribution. At least if the receiver is another quagga bgpd, that
message is rejected, eventually resulting in a BGP session termination.
The receiver's log (if written) contains an error message like
| BGP: 172.23.97.181: BGP type 2 length 3074 is too large, attribute total
length is 2069. attr_endp is 0x562feb368121. endp is 0x562feb367d2c
then.
So if a site's BGP peers all run quagga, that site will lose network
connectivity due to frequent session termination. Additionally, the
repeated initial full table transfer will result in a significantly
bigger network load, I've seen around 1 MByte/sec/link, compared to
usually less than one 1 kbyte/sec/link.
Such extremely long AS paths have occured in the global BGP table at
least four times since June. Last time started on Oct 13th around 20:43
UTC and lasted until the following week.
All versions of quagga in Debian are affected.
How to fix:
Kudos to Andreas Jaggi who identified the bug and provided a fix[1].
After some hours of work I was able to reproduce the issue and can
confirm this patch resolves the issues for all versions of quagga in
Debian (wheezy, jessie, stretch = buster = sid). Details about the
setup available upon request, it's just some stuff to write down.
In my opinion this is serious enough to justify a security upload. If
stable security disagrees, please fix this in the next stable point
release.
Regards,
Christoph
[1] https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
signature.asc
Description: Digital signature
