Search This Blog

Thursday, September 20, 2007

[NEWS] Quagga bgpd DoS Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html


- - - - - - - - -

Quagga bgpd DoS Vulnerability
------------------------------------------------------------------------


SUMMARY

<http://www.quagga.net/> Quagga is "a routing software suite. Quagga bgpd
implements the BGP routing protocol". There are two vulnerabilities in the
Quagga prodcut. In both vulnerabilies, the attacker must be a configured
peer.

DETAILS

Vulnerable Systems:
* Quagga version 0.99.8

Immune Systems:
* Quagga version 0.99.9

Two issues have been discovered in Quagga:
* A BGP OPEN message with an invalid message length and a valid option
parameters length (or vice versa) from a configured peer can cause a
assertion failure in the stream library.

* An empty or malformed COMMUNITIES attribute in an UPDATE from a
configured peer can cause a NULL pointer dereference when the attribute is
printed if "debug bgp updates" is enabled.

Vendor Response / Solution:
Update to 0.99.9, available from <http://www.quagga.net/>

http://www.quagga.net/

History:
August 29, 2007 - First contact with vendor
August 30, 2007 - Vendor acknowledges vulnerability
August 31, 2007 - Second issue reported
September 1, 2007 - Vendor acknowledges second vulnerability
September 7, 2007 - Vendor releases 0.99.9
September 12, 2007 - Advisory released


ADDITIONAL INFORMATION

The information has been provided by MuSecurity.
The original article can be found at:
<http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-01.txt>

http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-01.txt

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)