[NEWS] Quagga bgpd DoS Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 20 Sep 2007 14:45:39 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Quagga bgpd DoS Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.quagga.net/> Quagga is "a routing software suite. Quagga bgpd
implements the BGP routing protocol". There are two vulnerabilities in the
Quagga prodcut. In both vulnerabilies, the attacker must be a configured
peer.
DETAILS
Vulnerable Systems:
* Quagga version 0.99.8
Immune Systems:
* Quagga version 0.99.9
Two issues have been discovered in Quagga:
* A BGP OPEN message with an invalid message length and a valid option
parameters length (or vice versa) from a configured peer can cause a
assertion failure in the stream library.
* An empty or malformed COMMUNITIES attribute in an UPDATE from a
configured peer can cause a NULL pointer dereference when the attribute is
printed if "debug bgp updates" is enabled.
Vendor Response / Solution:
Update to 0.99.9, available from <http://www.quagga.net/>
http://www.quagga.net/
History:
August 29, 2007 - First contact with vendor
August 30, 2007 - Vendor acknowledges vulnerability
August 31, 2007 - Second issue reported
September 1, 2007 - Vendor acknowledges second vulnerability
September 7, 2007 - Vendor releases 0.99.9
September 12, 2007 - Advisory released
ADDITIONAL INFORMATION
The information has been provided by MuSecurity.
The original article can be found at:
<http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-01.txt>
http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-01.txt
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] RemoteDocs R-Viewer Code Execution and Sensitive Information Disclosure
- Next by Date: [NT] CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities
- Previous by thread: [NT] RemoteDocs R-Viewer Code Execution and Sensitive Information Disclosure
- Next by thread: [NT] CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities
- Index(es):
Relevant Pages
|
|
