oss-sec mailing list archives
Re: CVE request (sort of): Quagga BGP crasher
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 6 May 2009 12:10:51 -0400 (EDT)
====================================================== Name: CVE-2009-1572 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572 Reference: MLIST:[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/1 Reference: MLIST:[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/2 Reference: MLIST:[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes Reference: URL:http://marc.info/?l=quagga-dev&m=123364779626078&w=2 Reference: MISC:http://thread.gmane.org/gmane.network.quagga.devel/6513 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311 Reference: DEBIAN:DSA-1788 Reference: URL:http://www.debian.org/security/2009/dsa-1788 Reference: BID:34817 Reference: URL:http://www.securityfocus.com/bid/34817 Reference: OSVDB:54200 Reference: URL:http://www.osvdb.org/54200 Reference: SECUNIA:34999 Reference: URL:http://secunia.com/advisories/34999 Reference: XF:quagga-systemnumber-dos(50317) Reference: URL:http://xforce.iss.net/xforce/xfdb/50317 The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
Current thread:
- CVE request (sort of): Quagga BGP crasher Florian Weimer (May 01)
- Re: CVE request (sort of): Quagga BGP crasher Jon Oberheide (May 01)
- Re: CVE request (sort of): Quagga BGP crasher Florian Weimer (May 01)
- Re: CVE request (sort of): Quagga BGP crasher Florian Weimer (May 04)
- Re: CVE request (sort of): Quagga BGP crasher Florian Weimer (May 01)
- Re: CVE request (sort of): Quagga BGP crasher Steven M. Christey (May 06)
- Re: CVE request (sort of): Quagga BGP crasher Jon Oberheide (May 01)