[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Spectre/Meltdown impact on network devices
- Subject: Spectre/Meltdown impact on network devices
- From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
- Date: Mon, 8 Jan 2018 11:41:04 +0100
- In-reply-to: <[email protected]>
- References: <[email protected]>
On Sun, Jan 07, 2018 at 02:02:24PM -0500,
Jean | ddostest.me via NANOG <nanog at nanog.org> wrote
a message of 21 lines which said:
> I'm curious to hear the impact on network devices of this new hardware
> flaws that everybody talk about. Yes, the Meltdown/Spectre flaws.
> I understand that one need access but still it could be possible for one
> to social engineer a NOC user, hijack the account with limited access
> and maybe run the "exploit".
but, of course, the typical router does not have a Web browser. So,
the best solution, for the attacker, is probably to exploit a bug in
the BGP parser (as we have seen with attribute 99, BGP parsers have
bugs): with a buffer overflow, you may be able to run code you
choose. Purely theoretical at this stage, I didn't try.