Spectre/Meltdown impact on network devices
bortzmeyer at nic.fr
Mon Jan 8 10:41:04 UTC 2018
On Sun, Jan 07, 2018 at 02:02:24PM -0500,
Jean | ddostest.me via NANOG <nanog at nanog.org> wrote
a message of 21 lines which said:
> I'm curious to hear the impact on network devices of this new hardware
> flaws that everybody talk about. Yes, the Meltdown/Spectre flaws.
> I understand that one need access but still it could be possible for one
> to social engineer a NOC user, hijack the account with limited access
> and maybe run the "exploit".
but, of course, the typical router does not have a Web browser. So,
the best solution, for the attacker, is probably to exploit a bug in
the BGP parser (as we have seen with attribute 99, BGP parsers have
bugs): with a buffer overflow, you may be able to run code you
choose. Purely theoretical at this stage, I didn't try.
More information about the NANOG