oss-sec mailing list archives

Re: CVE request (sort of): Quagga BGP crasher


From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 6 May 2009 12:10:51 -0400 (EDT)


======================================================
Name: CVE-2009-1572
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
Reference: MLIST:[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/1
Reference: MLIST:[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/2
Reference: MLIST:[quagga-dev] 20090203 [quagga-dev 6391]  [PATCH] BGP 4-byte ASN bug fixes
Reference: URL:http://marc.info/?l=quagga-dev&m=123364779626078&w=2
Reference: MISC:http://thread.gmane.org/gmane.network.quagga.devel/6513
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
Reference: DEBIAN:DSA-1788
Reference: URL:http://www.debian.org/security/2009/dsa-1788
Reference: BID:34817
Reference: URL:http://www.securityfocus.com/bid/34817
Reference: OSVDB:54200
Reference: URL:http://www.osvdb.org/54200
Reference: SECUNIA:34999
Reference: URL:http://secunia.com/advisories/34999
Reference: XF:quagga-systemnumber-dos(50317)
Reference: URL:http://xforce.iss.net/xforce/xfdb/50317

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote
attackers to cause a denial of service (crash) via an AS path
containing ASN elements whose string representation is longer than
expected, which triggers an assert error.


