what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2007-1995

Status Candidate

Overview

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

Related Files

OpenPKG Security Advisory 2007.15
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga, versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute.

tags | advisory, denial of service, protocol
advisories | CVE-2007-1995
SHA-256 | 12492b05bc1c9dd6d3ab14537255e48285c3a6cb1a68486580a7e74f2e78c677
Ubuntu Security Notice 461-1
Posted May 21, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 461-1 - It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-1995
SHA-256 | 3adbef0532f09c1add5f433acda4c39a1efb76b001e83facf47faa01db9d6cd7
Debian Linux Security Advisory 1293-1
Posted May 21, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1293-1 - Paul Jakma discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon.

tags | advisory
systems | linux, debian
advisories | CVE-2007-1995
SHA-256 | f545db7c8c023ce454ac8c27fd742fc31df9a41e6f3a8c10e8ade58ebc3d0472
Mandriva Linux Security Advisory 2007.096
Posted May 3, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The BGP routing daemon in Quagga did not properly validate length values in NLRI attributes which could allow a remote attacker to cause a denial of service via a crafted UPDATE message that triggered an assertion error or out of bounds read.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-1995
SHA-256 | 751730867882a5c9d6a763a58a6b0a8973c8c346b2b6fea2b84b9e097baff778
Gentoo Linux Security Advisory 200705-5
Posted May 3, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-05 - The Quagga development team reported a vulnerability in the BGP routing daemon when processing NLRI attributes inside UPDATE messages. Versions less than 0.98.6-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1995
SHA-256 | 6a607378c17401310a4268154ac4c1cd8b508e5d326576bb411a8c6602ac212b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close