Quagga Denial Of Service Vulnerability Network Vulnerability

Summary

This host is installed with Quagga for Linux and is prone to Denial of Service Vulnerability.

Impact

Successful exploitation will let the attacker crash the daemon by advertising specially crafted AS paths and cause denial of service. Impact level: Application

Solution

Apply the security update with the patch 0.99.10-1lenny2 for stable versions. Apply the security update with the patch 0.99.11-2 for unstable versions. http://www.debian.org/security/2009/dsa-1788 ***** NOTE: Please ignore the warning if patch has been already applied. *****

Insight

This flaw is due to an assertion error in the BGP daemon while handling an AS path containing multiple 4 byte AS numbers.

Affected

Quagga version 0.99.11 and prior

References

http://osvdb.org/54200
http://secunia.com/advisories/34999
http://www.openwall.com/lists/oss-security/2009/05/01/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1572
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Windows)
Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
ClamAV Invalid Memory Access Denial Of Service Vulnerability
Apache Traffic Server HTTP Host Header Denial of Service Vulnerability

Quagga Denial of Service Vulnerability

Take action and discover your vulnerabilities