Spectre/Meltdown impact on network devices

• Subject: Spectre/Meltdown impact on network devices
• From: saku at ytti.fi (Saku Ytti)
• Date: Mon, 8 Jan 2018 13:30:44 +0200
• In-reply-to: <[email protected]>
• References: <[email protected]> <[email protected]>

On 8 January 2018 at 12:41, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> the best solution, for the attacker, is probably to exploit a bug in
> the BGP parser (as we have seen with attribute 99, BGP parsers have
> bugs): with a buffer overflow, you may be able to run code you
> choose. Purely theoretical at this stage, I didn't try.

BGP runs as a privileged user, if you're already executing code as
BGP, why do you need Spectre or Meltdown? Just read the memory you're
interested in, or setup port mirror, or reroute traffic.

-- 
  ++ytti

• References:
  • Spectre/Meltdown impact on network devices
    • From: jean at ddostest.me (Jean | ddostest.me)
  • Spectre/Meltdown impact on network devices
    • From: bortzmeyer at nic.fr (Stephane Bortzmeyer)

• Prev by Date: Spectre/Meltdown impact on network devices
• Next by Date: DSL Operators Mailing List?
• Previous by thread: Spectre/Meltdown impact on network devices
• Next by thread: Spectre/Meltdown impact on network devices
• Index(es):
  • Date
  • Thread