Lucene search

K
archlinuxArchLinuxASA-201712-7
HistoryDec 13, 2017 - 12:00 a.m.

[ASA-201712-7] quagga: denial of service

2017-12-1300:00:00
security.archlinux.org
19

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.011

Percentile

84.7%

Arch Linux Security Advisory ASA-201712-7

Severity: Medium
Date : 2017-12-13
CVE-ID : CVE-2017-16227
Package : quagga
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-481

Summary

The package quagga before version 1.2.2-1 is vulnerable to denial of
service.

Resolution

Upgrade to 1.2.2-1.

pacman -Syu “quagga>=1.2.2-1”

The problem has been fixed upstream in version 1.2.2.

Workaround

None.

Description

A denial of service flaw was found in the way the bgpd daemon in quagga
before 1.2.2 handled the processing of large BGP update messages. A
remote, previously trusted attacker could potentially use this flaw to
cause bgpd to terminate existing BGP sessions, thereby leading to
denial of service.

Impact

A remote previously trusted attacker is able to crash quagga with a
maliciously crafted message.

References

https://bugs.archlinux.org/task/56250
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879474
https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
https://security.archlinux.org/CVE-2017-16227

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyquagga< 1.2.2-1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.011

Percentile

84.7%