VuXML ID | Description |
70c44cd0-e717-11e5-85be-14dae9d210b8 | quagga -- stack based buffer overflow vulnerability
Donald Sharp reports:
A malicious BGP peer may execute arbitrary code in
particularly configured remote bgpd hosts.
Discovery 2016-01-27 Entry 2016-03-10 quagga
< 1.0.20160309
https://www.kb.cert.org/vuls/id/270232
http://savannah.nongnu.org/forum/forum.php?forum_id=8476
CVE-2016-2342
|
1e14d46f-af1f-11e1-b242-00215af774f0 | quagga -- BGP OPEN denial of service vulnerability
CERT reports:
If a pre-configured BGP peer sends a specially-crafted OPEN
message with a malformed ORF capability TLV, Quagga bgpd process
will erroneously try to consume extra bytes from the input packet
buffer. The process will detect a buffer overrun attempt before
it happens and immediately terminate with an error message. All
BGP sessions established by the attacked router will be closed
and its BGP routing disrupted.
Discovery 2012-06-04 Entry 2012-06-05 quagga
le 0.99.20.1
quagga-re
< 0.99.17.10
CVE-2012-1820
http://www.kb.cert.org/vuls/id/962587
|
b2a40507-5c88-11e0-9e85-00215af774f0 | quagga -- two DoS vulnerabilities
Quagga developers report:
Quagga 0.99.18 has been released.
This release fixes 2 denial of services in bgpd, which can be
remotely triggered by malformed AS-Pathlimit or Extended-Community
attributes. These issues have been assigned CVE-2010-1674 and
CVE-2010-1675. Support for AS-Pathlimit has been removed with this
release.
Discovery 2010-04-30 Entry 2011-04-01 quagga
< 0.99.17_6
CVE-2010-1674
CVE-2010-1675
http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200
|
e15a22ce-f16f-446b-9ca7-6859350c2e75 | quagga -- several security issues
Quagga reports:
The Quagga BGP daemon, bgpd, does not properly bounds
check the data sent with a NOTIFY to a peer, if an attribute
length is invalid. Arbitrary data from the bgpd process
may be sent over the network to a peer and/or it may crash.
The Quagga BGP daemon, bgpd, can double-free memory
when processing certain forms of UPDATE message, containing
cluster-list and/or unknown attributes.
The Quagga BGP daemon, bgpd, can overrun internal BGP
code-to-string conversion tables used for debug by 1
pointer value, based on input.
The Quagga BGP daemon, bgpd, can enter an infinite
loop if sent an invalid OPEN message by a configured peer.
Discovery 2018-01-31 Entry 2018-02-15 quagga
< 1.2.3
https://www.quagga.net/security/Quagga-2018-0543.txt
https://www.quagga.net/security/Quagga-2018-1114.txt
https://www.quagga.net/security/Quagga-2018-1550.txt
https://www.quagga.net/security/Quagga-2018-1975.txt
CVE-2018-5378
CVE-2018-5379
CVE-2018-5380
CVE-2018-5381
|
167953a4-b01c-11df-9a98-0015587e2cc1 | quagga -- stack overflow and DoS vulnerabilities
The Red Hat security team reported two vulnerabilities:
A stack buffer overflow flaw was found in the way Quagga's bgpd
daemon processed Route-Refresh messages. A configured
Border Gateway Protocol (BGP) peer could send a
Route-Refresh message with specially-crafted Outbound
Route Filtering (ORF) record, which would cause the
master BGP daemon (bgpd) to crash or, possibly, execute
arbitrary code with the privileges of the user running
bgpd.
A NULL pointer dereference flaw was found in the way
Quagga's bgpd daemon parsed paths of autonomous systems
(AS). A configured BGP peer could send a BGP update AS
path request with unknown AS type, which could lead to
denial of service (bgpd daemon crash).
Discovery 2010-08-24 Entry 2010-08-25 quagga
< 0.99.17
http://www.openwall.com/lists/oss-security/2010/08/24/3
http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100
|
ab9be2c8-ef91-11e0-ad5a-00215c6a37bb | quagga -- multiple vulnerabilities
CERT-FI reports:
Five vulnerabilities have been found in the BGP, OSPF, and
OSPFv3 components of Quagga. The vulnerabilities allow an
attacker to cause a denial of service or potentially to
execute his own code by sending a specially modified packets
to an affected server. Routing messages are typically accepted
from the routing peers. Exploiting these vulnerabilities may
require an established routing session (BGP peering or
OSPF/OSPFv3 adjacency) to the router.
The vulnerability CVE-2011-3327
is related to the extended communities handling in BGP
messages. Receiving a malformed BGP update can result
in a buffer overflow and disruption of IPv4 routing.
The vulnerability CVE-2011-3326
results from the handling of LSA (Link State Advertisement)
states in the OSPF service. Receiving a modified Link State
Update message with malicious state information can result in
denial of service in IPv4 routing.
The vulnerability CVE-2011-3325
is a denial of service vulnerability related to Hello message
handling by the OSPF service. As Hello messages are used to
initiate adjacencies, exploiting the vulnerability may be
feasible from the same broadcast domain without an established
adjacency. A malformed packet may result in denial of service
in IPv4 routing.
The vulnerabilities CVE-2011-3324
and CVE-2011-3323
are related to the IPv6 routing protocol (OSPFv3) implemented
in ospf6d daemon. Receiving modified Database Description and
Link State Update messages, respectively, can result in denial
of service in IPv6 routing.
Discovery 2011-09-26 Entry 2011-10-05 quagga
< 0.99.19
CVE-2011-3323
CVE-2011-3324
CVE-2011-3325
CVE-2011-3326
CVE-2011-3327
|
2748fdde-3a3c-11de-bbc5-00e0815b8da8 | quagga -- Denial of Service
Debian Security Team reports:
It was discovered that Quagga, an IP routing daemon, could
no longer process the Internet routing table due to broken
handling of multiple 4-byte AS numbers in an AS path. If such
a prefix is received, the BGP daemon crashes with an assert
failure leading to a denial of service.
Discovery 2009-05-04 Entry 2009-05-06 Modified 2009-05-07 quagga
< 0.99.11_3
34656
http://lists.quagga.net/pipermail/quagga-dev/2009-April/006541.html
CVE-2009-1572
|
42a2c82a-75b9-11e1-89b4-001ec9578670 | quagga -- multiple vulnerabilities
CERT reports:
The ospfd implementation of OSPF in Quagga allows a remote
attacker (on a local network segment with OSPF enabled) to cause
a denial of service (daemon aborts due to an assert) with a
malformed OSPF LS-Update message.
The ospfd implementation of OSPF in Quagga allows a remote
attacker (on a local network segment with OSPF enabled) to cause
a denial of service (daemon crash) with a malformed OSPF Network-
LSA message.
The bgpd implementation of BGP in Quagga allows remote attackers
to cause a denial of service (daemon aborts due to an assert) via
BGP Open message with an invalid AS4 capability.
Discovery 2012-03-23 Entry 2012-03-24 Modified 2012-03-26 quagga
< 0.99.20.1
quagga-re
< 0.99.17.8
CVE-2012-0249
CVE-2012-0250
CVE-2012-0255
http://www.kb.cert.org/vuls/id/551715
|