Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
BID:23417
Info
Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
| Bugtraq ID: | 23417 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-1995 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2007 12:00AM |
| Updated: | Apr 23 2008 04:27PM |
| Credit: | This issue was disclosed by Paul Jakma. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Trustix Secure Linux 3.0.5 Trustix Secure Linux 3.0 SuSE SUSE Linux Enterprise Server 9 SP3 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 9 SuSE SUSE Linux Enterprise SDK 10 SuSE SUSE Linux Enterprise SDK 10 SuSE SUSE Linux Enterprise Desktop 10 SuSE Linux Professional 10.2 x86_64 SuSE Linux Personal 10.2 x86_64 Sun Solaris 10_x86 Sun Solaris 10 SGI ProPack 3.0 SP6 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE CORE 9 for x86 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Office Server S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Openexchange Server S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server 9-SP3 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 10 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux Database Server 0 S.u.S.E. Linux Connectivity Server S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop version 4 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux AS 3 Red Hat Enterprise Linux 5 Server Quagga Quagga Routing Software Suite 0.99.6 Quagga Quagga Routing Software Suite 0.99.4 Quagga Quagga Routing Software Suite 0.99.3 Quagga Quagga Routing Software Suite 0.99.2 Quagga Quagga Routing Software Suite 0.99.1 Quagga Quagga Routing Software Suite 0.98.6 Quagga Quagga Routing Software Suite 0.98.5 Quagga Quagga Routing Software Suite 0.98.3 Quagga Quagga Routing Software Suite 0.98.3 OpenPKG OpenPKG E1.0-Solid OpenPKG OpenPKG Current MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Interactive Response 2.0 |
| Not Vulnerable: | |
Discussion
Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
Quagga is prone to a remote denial-of-service vulnerability because it fails to handle a malformed multi-protocol message.
A remote attacker can exploit this issue by submitting a maliciously crafted message to the application.
Successful exploits will cause the Quagga 'bgpd' daemon to abort, denying further service to legitimate users.
Quagga 0.99.6 and prior versions (0.99 branch) as well as 0.98.6 and prior versions (0.98 branch) are vulnerable.
Quagga is prone to a remote denial-of-service vulnerability because it fails to handle a malformed multi-protocol message.
A remote attacker can exploit this issue by submitting a maliciously crafted message to the application.
Successful exploits will cause the Quagga 'bgpd' daemon to abort, denying further service to legitimate users.
Quagga 0.99.6 and prior versions (0.99 branch) as well as 0.98.6 and prior versions (0.98 branch) are vulnerable.
Exploit / POC
Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
Solution:
The vendor has released fixes. Please see the references for more information.
Quagga Quagga Routing Software Suite 0.98.6
Quagga Quagga Routing Software Suite 0.99.1
Quagga Quagga Routing Software Suite 0.99.3
Quagga Quagga Routing Software Suite 0.99.4
Quagga Quagga Routing Software Suite 0.99.6
Solution:
The vendor has released fixes. Please see the references for more information.
Quagga Quagga Routing Software Suite 0.98.6
-
Quagga bgp_attr.c (0.98 Branch)
http://bugzilla.quagga.net/attachment.cgi?id=145&action=view
Quagga Quagga Routing Software Suite 0.99.1
-
Quagga bgp_attr.c (0.99 Branch)
http://bugzilla.quagga.net/attachment.cgi?id=144&action=view
Quagga Quagga Routing Software Suite 0.99.3
-
Quagga bgp_attr.c (0.99 Branch)
http://bugzilla.quagga.net/attachment.cgi?id=144&action=view
Quagga Quagga Routing Software Suite 0.99.4
-
Ubuntu quagga-doc_0.99.4-4ubuntu1.1_all.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.4 -4ubuntu1.1_all.deb -
Ubuntu quagga_0.99.4-4ubuntu1.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ub untu1.1_amd64.deb -
Ubuntu quagga_0.99.4-4ubuntu1.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ub untu1.1_i386.deb -
Ubuntu quagga_0.99.4-4ubuntu1.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ub untu1.1_powerpc.deb -
Ubuntu quagga_0.99.4-4ubuntu1.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ub untu1.1_sparc.deb
Quagga Quagga Routing Software Suite 0.99.6
-
Quagga bgp_attr.c (0.99 Branch)
http://bugzilla.quagga.net/attachment.cgi?id=144&action=view -
Ubuntu quagga-doc_0.99.6-2ubuntu3.1_all.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.6 -2ubuntu3.1_all.deb -
Ubuntu quagga_0.99.6-2ubuntu3.1_amd64.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ub untu3.1_amd64.deb -
Ubuntu quagga_0.99.6-2ubuntu3.1_i386.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ub untu3.1_i386.deb -
Ubuntu quagga_0.99.6-2ubuntu3.1_powerpc.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ub untu3.1_powerpc.deb -
Ubuntu quagga_0.99.6-2ubuntu3.1_sparc.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ub untu3.1_sparc.deb
References
Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
References:
References: