GoBGP AIGP Attribute Parser Buffer Overflow Vulnerability

A buffer overflow vulnerability has been identified in the osrg GoBGP software, specifically affecting versions up to 4.3.0. The vulnerability resides in the PathAttributeAigp.DecodeFromBytes function of the pkg/packet/bgp/bgp.go file, which is part of the AIGP Attribute Parser component. An attacker can remotely trigger this vulnerability by sending a crafted BGP message containing a malicious AIGP attribute. Successful exploitation could lead to arbitrary code execution on the affected system. GoBGP is an open source BGP implementation. Organizations using GoBGP for routing purposes should upgrade to version 4.4.0 or apply the provided patch (51ad1ada06cb41ce47b7066799981816f50b7ced) to mitigate this risk.

Attack Chain

1. Attacker identifies a GoBGP instance running a vulnerable version (<= 4.3.0).
2. Attacker crafts a malicious BGP update message containing a specially crafted AIGP attribute.
3. The crafted AIGP attribute is designed to trigger a buffer overflow in the PathAttributeAigp.DecodeFromBytes function.
4. The attacker sends the malicious BGP update message to the vulnerable GoBGP instance over TCP port 179.
5. The GoBGP instance receives the message and attempts to parse the AIGP attribute using the vulnerable function.
6. The PathAttributeAigp.DecodeFromBytes function fails to properly validate the size of the input data, leading to a buffer overflow.
7. The buffer overflow overwrites adjacent memory regions, potentially including critical program data or executable code.
8. The attacker leverages the memory corruption to execute arbitrary code on the GoBGP instance, gaining control of the system.

Impact

Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on the affected GoBGP instance. This can lead to a complete compromise of the routing infrastructure, allowing the attacker to intercept, modify, or disrupt network traffic. In service provider environments, this could affect a large number of customers and cause significant network outages. Given the CVSS v3.1 score of 7.3, this is considered a high-severity vulnerability.

Recommendation

• Upgrade to GoBGP version 4.4.0 to remediate the vulnerability as mentioned in the overview.
• Apply the patch 51ad1ada06cb41ce47b7066799981816f50b7ced to the affected component to mitigate the vulnerability if upgrading is not immediately possible.
• Monitor network traffic for BGP update messages with unusually large or malformed AIGP attributes, using a network intrusion detection system.
• Deploy the Sigma rule detecting connections to port 179 from unusual sources to identify potentially malicious hosts attempting to exploit the vulnerability.
• Review and harden BGP configuration to limit accepted peer connections to trusted sources only.