Lucene search

Gentoo FoundationGLSA-200705-05

HistoryMay 02, 2007 - 12:00 a.m.

Quagga: Denial of service

2007-05-0200:00:00

Gentoo Foundation

security.gentoo.org

6.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

0.025 Low

EPSS

Percentile

90.2%

JSON

Background

Quagga is a free routing daemon, supporting RIP, OSPF and BGP protocols.

Description

The Quagga development team reported a vulnerability in the BGP routing deamon when processing NLRI attributes inside UPDATE messages.

Impact

A malicious peer inside a BGP area could send a specially crafted packet to a Quagga instance, possibly resulting in a crash of the Quagga daemon.

Workaround

There is no known workaround at this time.

Resolution

All Quagga users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-misc/quagga-0.98.6-r2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/quagga< 0.98.6-r2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-misc/quagga	< 0.98.6-r2	UNKNOWN

6.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for GLSA-200705-05