Cisco Patches IOS XR Software Border Gateway Protocol Vulnerability That Crashed 1 Percent of Internet

Cisco fixed a bug in its IOS (Internetwork Operating System) router software that contributed to a brief blackout of about 1% Internet. The bug was discovered last Friday when Reseaux IP Europeens Network Coordination Centre and researchers at Duke University started distributing experimental BGP (Border Gateway Protocol) data via RIPE NCC's systems. A large number […]

Cisco fixed a bug in its IOS (Internetwork Operating System) router software that contributed to a brief blackout of about 1% Internet. The bug was discovered last Friday when Reseaux IP Europeens Network Coordination Centre and researchers at Duke University started distributing experimental BGP (Border Gateway Protocol) data via RIPE NCC's systems. A large number of routers on Internet became unreachable within minutes and the experiment was quickly stopped.

In a security advisory released hours after the incident, Cisco confirmed "An advertisement of an unrecognized but valid BGP attribute resulted in resetting of several BGP neighbors on 27 August 2010. This advertisement wasn't malicious but inadvertently triggered this vulnerability."

Cisco's IOS XR operating system is built for its carrier-grade CRS-1 routers, used by large telecommunications companies.

[Source]