{"id": "DEBIAN_DSA-1293.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-1293-1 : quagga - out of boundary read", "description": "Paul Jakma discovered that specially crafted UPDATE messages can\ntrigger an out of boundary read that can result in a system crash of\nquagga, the BGP/OSPF/RIP routing daemon.", "published": "2007-05-20T00:00:00", "modified": "2007-05-20T00:00:00", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/25258", "reporter": "This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2007/dsa-1293", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418323"], "cvelist": ["CVE-2007-1995"], "type": "nessus", "lastseen": "2021-01-06T09:44:47", "edition": 27, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1995"]}, {"type": "openvas", "idList": ["OPENVAS:840001", "OPENVAS:861488", "OPENVAS:58342", "OPENVAS:861433", "OPENVAS:1361412562310122702", "OPENVAS:58255", "OPENVAS:861045", "OPENVAS:136141256231065029", "OPENVAS:65029"]}, {"type": "redhat", "idList": ["RHSA-2007:0389"]}, {"type": "ubuntu", "idList": ["USN-461-1"]}, {"type": "osvdb", "idList": ["OSVDB:34812"]}, {"type": "centos", "idList": ["CESA-2007:0389"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7590"]}, {"type": "gentoo", "idList": ["GLSA-200705-05"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1293-1:CF3D9"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0389"]}, {"type": "fedora", "idList": ["FEDORA:L8IJLSDN009715", "FEDORA:L56HR2QW011221", "FEDORA:L63GOL5B025086"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2007-0389.NASL", "FEDORA_2007-0838.NASL", "UBUNTU_USN-461-1.NASL", "SUSE_QUAGGA-3233.NASL", "SUSE_QUAGGA-3230.NASL", "QUAGGA_0_99_7.NASL", "REDHAT-RHSA-2007-0389.NASL", "GENTOO_GLSA-200705-05.NASL", "SL_20070530_QUAGGA_ON_SL5_X__SL4_X__SL3_X.NASL", "ORACLELINUX_ELSA-2007-0389.NASL"]}], "modified": "2021-01-06T09:44:47", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-01-06T09:44:47", "rev": 2}, "vulnersScore": 5.9}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1293. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25258);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-1995\");\n script_bugtraq_id(23417);\n script_xref(name:\"DSA\", value:\"1293\");\n\n script_name(english:\"Debian DSA-1293-1 : quagga - out of boundary read\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paul Jakma discovered that specially crafted UPDATE messages can\ntrigger an out of boundary read that can result in a system crash of\nquagga, the BGP/OSPF/RIP routing daemon.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1293\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the quagga package.\n\nFor the old stable distribution (sarge) this problem has been fixed in\nversion 0.98.3-7.4.\n\nFor the stable distribution (etch) this problem has been fixed in\nversion 0.99.5-5etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"quagga\", reference:\"0.98.3-7.4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"quagga-doc\", reference:\"0.98.3-7.4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"quagga\", reference:\"0.99.5-5etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"quagga-doc\", reference:\"0.99.5-5etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "25258", "cpe": ["p-cpe:/a:debian:debian_linux:quagga", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1"], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T19:26:05", "description": "bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.", "edition": 5, "cvss3": {}, "published": "2007-04-12T10:19:00", "title": "CVE-2007-1995", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1995"], "modified": "2017-10-11T01:32:00", "cpe": ["cpe:/a:quagga:quagga:0.97.1", "cpe:/a:quagga:quagga:0.96.2", "cpe:/a:quagga:quagga:0.98.3", "cpe:/a:quagga:quagga:0.97.2", "cpe:/a:quagga:quagga:0.96", "cpe:/a:quagga:quagga:0.97.3", "cpe:/a:quagga:quagga:0.98.2", "cpe:/a:quagga:quagga:0.98.6", "cpe:/a:quagga:quagga:0.96.1", "cpe:/a:quagga:quagga:0.98.4", "cpe:/a:quagga:quagga:0.97.5", "cpe:/a:quagga:quagga:0.98.5", "cpe:/a:quagga:quagga:0.96.4", "cpe:/a:quagga:quagga:0.98.0", "cpe:/a:quagga:quagga:0.98.1", "cpe:/a:quagga:quagga:0.97.4", "cpe:/a:quagga:quagga:0.96.5", "cpe:/a:quagga:quagga:0.95", "cpe:/a:quagga:quagga:0.96.3", "cpe:/a:quagga:quagga:0.97.0"], "id": "CVE-2007-1995", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1995", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "description": "Oracle Linux Local Security Checks ELSA-2007-0389", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122702", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122702", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0389", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0389.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122702\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:51:27 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0389\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0389 - Moderate: quagga security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0389\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0389.html\");\n script_cve_id(\"CVE-2007-1995\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.98.6~2.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"quagga-contrib\", rpm:\"quagga-contrib~0.98.6~2.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.98.6~2.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:57:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "description": "Check for the Version of quagga", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861433", "href": "http://plugins.openvas.org/nasl.php?oid=861433", "type": "openvas", "title": "Fedora Update for quagga FEDORA-2007-0838", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quagga FEDORA-2007-0838\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Quagga is a free software that manages TCP/IP based routing\n protocol. It takes multi-server and multi-thread approach to resolve\n the current complexity of the Internet.\n\n Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng.\n \n Quagga is intended to be used as a Route Server and a Route Reflector. It is\n not a toolkit, it provides full routing power under a new architecture.\n Quagga by design has a process for each protocol.\n \n Quagga is a fork of GNU Zebra.\";\n\ntag_affected = \"quagga on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-July/msg00060.html\");\n script_id(861433);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-0838\");\n script_cve_id(\"CVE-2007-1995\");\n script_name( \"Fedora Update for quagga FEDORA-2007-0838\");\n\n script_summary(\"Check for the Version of quagga\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-contrib\", rpm:\"quagga-contrib~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-debuginfo\", rpm:\"quagga-debuginfo~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-debuginfo\", rpm:\"quagga-debuginfo~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-contrib\", rpm:\"quagga-contrib~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.7~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n quagga\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014412 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065029", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065029", "type": "openvas", "title": "SLES9: Security update for quagga", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014412.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for quagga\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n quagga\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014412 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65029\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-1995\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for quagga\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.96.4~31.19\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "description": "The remote host is missing an update to quagga\nannounced via advisory DSA 1293-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58342", "href": "http://plugins.openvas.org/nasl.php?oid=58342", "type": "openvas", "title": "Debian Security Advisory DSA 1293-1 (quagga)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1293_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1293-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Paul Jakma discovered that specially crafted UPDATE messages can\ntrigger an out of boundary read that can result in a system crash of\nquagga, the BGP/OSPF/RIP routing daemon.\n\nFor the old stable distribution (sarge) this problem has been fixed in\nversion 0.98.3-7.4.\n\nFor the stable distribution (etch) this problem has been fixed in\nversion 0.99.5-5etch2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.99.6-5.\n\nWe recommend that you upgrade your quagga package.\";\ntag_summary = \"The remote host is missing an update to quagga\nannounced via advisory DSA 1293-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201293-1\";\n\nif(description)\n{\n script_id(58342);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-1995\");\n script_bugtraq_id(23417);\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1293-1 (quagga)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.98.3-7.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.98.3-7.4\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.5-5etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.5-5etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200705-05.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58255", "href": "http://plugins.openvas.org/nasl.php?oid=58255", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200705-05 (quagga)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered in Quagga allowing for a Denial of\nService.\";\ntag_solution = \"All Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/quagga-0.98.6-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200705-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=174206\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200705-05.\";\n\n \n\nif(description)\n{\n script_id(58255);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-1995\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200705-05 (quagga)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/quagga\", unaffected: make_list(\"ge 0.98.6-r2\"), vulnerable: make_list(\"lt 0.98.6-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "description": "Check for the Version of quagga", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861488", "href": "http://plugins.openvas.org/nasl.php?oid=861488", "type": "openvas", "title": "Fedora Update for quagga FEDORA-2007-525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quagga FEDORA-2007-525\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Quagga is a free software that manages TCP/IP based routing\n protocol. It takes multi-server and multi-thread approach to resolve\n the current complexity of the Internet.\n\n Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng.\n \n Quagga is intended to be used as a Route Server and a Route Reflector. It is\n not a toolkit, it provides full routing power under a new architecture.\n Quagga by design has a process for each protocol.\n \n Quagga is a fork of GNU Zebra.\";\n\ntag_affected = \"quagga on Fedora Core 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00068.html\");\n script_id(861488);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-525\");\n script_cve_id(\"CVE-2007-1995\");\n script_name( \"Fedora Update for quagga FEDORA-2007-525\");\n\n script_summary(\"Check for the Version of quagga\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/quagga-devel\", rpm:\"x86_64/quagga-devel~0.99.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/quagga-debuginfo\", rpm:\"x86_64/debug/quagga-debuginfo~0.99.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/quagga\", rpm:\"x86_64/quagga~0.99.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/quagga-contrib\", rpm:\"x86_64/quagga-contrib~0.99.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/quagga\", rpm:\"i386/quagga~0.99.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/quagga-debuginfo\", rpm:\"i386/debug/quagga-debuginfo~0.99.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/quagga-contrib\", rpm:\"i386/quagga-contrib~0.99.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/quagga-devel\", rpm:\"i386/quagga-devel~0.99.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-461-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840001", "href": "http://plugins.openvas.org/nasl.php?oid=840001", "type": "openvas", "title": "Ubuntu Update for quagga vulnerability USN-461-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_461_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for quagga vulnerability USN-461-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Quagga did not correctly verify length\n information sent from configured peers. Remote malicious peers could\n send a specially crafted UPDATE message which would cause bgpd to abort,\n leading to a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-461-1\";\ntag_affected = \"quagga vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-461-1/\");\n script_id(840001);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"USN\", value: \"461-1\");\n script_cve_id(\"CVE-2007-1995\");\n script_name( \"Ubuntu Update for quagga vulnerability USN-461-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.6-2ubuntu3.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.6-2ubuntu3.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.2-1ubuntu3.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.2-1ubuntu3.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.4-4ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.4-4ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n quagga\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014412 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65029", "href": "http://plugins.openvas.org/nasl.php?oid=65029", "type": "openvas", "title": "SLES9: Security update for quagga", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5014412.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for quagga\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n quagga\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5014412 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65029);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-1995\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for quagga\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.96.4~31.19\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4826", "CVE-2007-1995"], "description": "Check for the Version of quagga", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861045", "href": "http://plugins.openvas.org/nasl.php?oid=861045", "type": "openvas", "title": "Fedora Update for quagga FEDORA-2007-2196", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quagga FEDORA-2007-2196\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Quagga is a free software that manages TCP/IP based routing\n protocol. It takes multi-server and multi-thread approach to resolve\n the current complexity of the Internet.\n\n Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng.\n \n Quagga is intended to be used as a Route Server and a Route Reflector. It is\n not a toolkit, it provides full routing power under a new architecture.\n Quagga by design has a process for each protocol.\n \n Quagga is a fork of GNU Zebra.\";\n\ntag_affected = \"quagga on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00304.html\");\n script_id(861045);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-2196\");\n script_cve_id(\"CVE-2007-4826\", \"CVE-2007-1995\");\n script_name( \"Fedora Update for quagga FEDORA-2007-2196\");\n\n script_summary(\"Check for the Version of quagga\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.9~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-contrib\", rpm:\"quagga-contrib~0.99.9~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.9~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.9~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-debuginfo\", rpm:\"quagga-debuginfo~0.99.9~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.9~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-contrib\", rpm:\"quagga-contrib~0.99.9~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-debuginfo\", rpm:\"quagga-debuginfo~0.99.9~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.9~1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:34", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1995"], "description": "Quagga is a TCP/IP based routing software suite.\r\n\r\nAn out of bounds memory read flaw was discovered in Quagga's bgpd. A\r\nconfigured peer of bgpd could cause Quagga to crash, leading to a denial of\r\nservice (CVE-2007-1995).\r\n\r\nAll users of Quagga should upgrade to this updated package, which\r\ncontains a backported patch to correct these issues.", "modified": "2017-09-08T12:08:06", "published": "2007-05-30T04:00:00", "id": "RHSA-2007:0389", "href": "https://access.redhat.com/errata/RHSA-2007:0389", "type": "redhat", "title": "(RHSA-2007:0389) Moderate: quagga security update", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:20:27", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1995"], "description": "It was discovered that Quagga did not correctly verify length \ninformation sent from configured peers. Remote malicious peers could \nsend a specially crafted UPDATE message which would cause bgpd to abort, \nleading to a denial of service.", "edition": 6, "modified": "2007-05-17T00:00:00", "published": "2007-05-17T00:00:00", "id": "USN-461-1", "href": "https://ubuntu.com/security/notices/USN-461-1", "title": "Quagga vulnerability", "type": "ubuntu", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "cvelist": ["CVE-2007-1995"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugzilla.quagga.net/show_bug.cgi?id=354\nVendor Specific News/Changelog Entry: http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740\nVendor Specific News/Changelog Entry: http://bugzilla.quagga.net/show_bug.cgi?id=355\n[Secunia Advisory ID:25312](https://secuniaresearch.flexerasoftware.com/advisories/25312/)\n[Secunia Advisory ID:25591](https://secuniaresearch.flexerasoftware.com/advisories/25591/)\n[Secunia Advisory ID:25084](https://secuniaresearch.flexerasoftware.com/advisories/25084/)\n[Secunia Advisory ID:25428](https://secuniaresearch.flexerasoftware.com/advisories/25428/)\n[Secunia Advisory ID:25119](https://secuniaresearch.flexerasoftware.com/advisories/25119/)\n[Secunia Advisory ID:25293](https://secuniaresearch.flexerasoftware.com/advisories/25293/)\n[Secunia Advisory ID:24808](https://secuniaresearch.flexerasoftware.com/advisories/24808/)\n[Secunia Advisory ID:25255](https://secuniaresearch.flexerasoftware.com/advisories/25255/)\nRedHat RHSA: RHSA-2007:0389\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-05.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-461-1\nOther Advisory URL: http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0002.html\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1293\nOther Advisory URL: http://www.trustix.org/errata/2007/0017/\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070601-01-P.asc\nISS X-Force ID: 33547\nFrSIRT Advisory: ADV-2007-1336\n[CVE-2007-1995](https://vulners.com/cve/CVE-2007-1995)\nBugtraq ID: 23417\n", "edition": 1, "modified": "2007-04-10T10:18:55", "published": "2007-04-10T10:18:55", "href": "https://vulners.com/osvdb/OSVDB:34812", "id": "OSVDB:34812", "title": "Quagga bgpd/bgp_attr.c Crafted UPDATE Message DoS", "type": "osvdb", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:24:58", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1995"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0389\n\n\nQuagga is a TCP/IP based routing software suite.\r\n\r\nAn out of bounds memory read flaw was discovered in Quagga's bgpd. A\r\nconfigured peer of bgpd could cause Quagga to crash, leading to a denial of\r\nservice (CVE-2007-1995).\r\n\r\nAll users of Quagga should upgrade to this updated package, which\r\ncontains a backported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025863.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025864.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025865.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025866.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025867.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025868.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025870.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025872.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025875.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-May/025876.html\n\n**Affected packages:**\nquagga\nquagga-contrib\nquagga-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0389.html", "edition": 4, "modified": "2007-05-31T10:11:32", "published": "2007-05-30T18:29:44", "href": "http://lists.centos.org/pipermail/centos-announce/2007-May/025863.html", "id": "CESA-2007:0389", "title": "quagga security update", "type": "centos", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "cvelist": ["CVE-2007-1995"], "description": "Denial of service on BGP UPDATE messages processing.", "edition": 1, "modified": "2007-04-16T00:00:00", "published": "2007-04-16T00:00:00", "id": "SECURITYVULNS:VULN:7590", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7590", "title": "Quagga bgpd BGP service DoS", "type": "securityvulns", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:34", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1995"], "edition": 1, "description": "### Background\n\nQuagga is a free routing daemon, supporting RIP, OSPF and BGP protocols. \n\n### Description\n\nThe Quagga development team reported a vulnerability in the BGP routing deamon when processing NLRI attributes inside UPDATE messages. \n\n### Impact\n\nA malicious peer inside a BGP area could send a specially crafted packet to a Quagga instance, possibly resulting in a crash of the Quagga daemon. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Quagga users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/quagga-0.98.6-r2\"", "modified": "2007-05-02T00:00:00", "published": "2007-05-02T00:00:00", "id": "GLSA-200705-05", "href": "https://security.gentoo.org/glsa/200705-05", "type": "gentoo", "title": "Quagga: Denial of Service", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:19:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1995"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1293-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMay 17th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : quagga\nVulnerability : out of boundary read\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2007-1995\nBugTraq ID : 23417\nDebian Bug : 418323\n\nPaul Jakma discovered that specially crafted UPDATE messages can\ntrigger an out of boundary read that can result in a system crash of\nquagga, the BGP/OSPF/RIP routing daemon.\n\nFor the old stable distribution (sarge) this problem has been fixed in\nversion 0.98.3-7.4.\n\nFor the stable distribution (etch) this problem has been fixed in\nversion 0.99.5-5etch2.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.99.6-5.\n\nWe recommend that you upgrade your quagga package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.dsc\n Size/MD5 checksum: 1017 668014e3d7bde772eac63fc2809538c8\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.diff.gz\n Size/MD5 checksum: 45503 ce79e6a7a23c57551af673936957b520\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz\n Size/MD5 checksum: 2118348 68be5e911e4d604c0f5959338263356e\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.4_all.deb\n Size/MD5 checksum: 488726 9176bb6c2d44c83c6b0235fe2d787c24\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_alpha.deb\n Size/MD5 checksum: 1613754 754e865cef5379625e6ac77fc03a1175\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_amd64.deb\n Size/MD5 checksum: 1413316 5aa1b7a4d2a9a262d89e6ff050b61140\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_arm.deb\n Size/MD5 checksum: 1290700 071171571b6afb1937cfe6d535a571dc\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_hppa.deb\n Size/MD5 checksum: 1447856 c4137c1ad75efb58c080a96aa9c0699e\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_i386.deb\n Size/MD5 checksum: 1193528 52640ebe894244e34b98b43150028c01\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_ia64.deb\n Size/MD5 checksum: 1829130 27191432085ad6ebff2160874aa06826\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_m68k.deb\n Size/MD5 checksum: 1160000 c2f78f24982732c9804de4297c4c2672\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mips.deb\n Size/MD5 checksum: 1353040 6ceb137f2908165b4d1420f56b8be65b\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mipsel.deb\n Size/MD5 checksum: 1355964 a1685523eede48afe70b1861a6b38038\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_powerpc.deb\n Size/MD5 checksum: 1317034 2d80694cf741a3ed85617dbf4e7b4776\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_s390.deb\n Size/MD5 checksum: 1401630 458f1f892e6ed57677971334589ecc45\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_sparc.deb\n Size/MD5 checksum: 1287812 e92233bfc759de15910da4241e27ebd1\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.dsc\n Size/MD5 checksum: 762 667f0d6ae4984aa499d912b12d9146b9\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.diff.gz\n Size/MD5 checksum: 33122 ac7da5cf6b143338aef2b8c6da3b2b3a\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz\n Size/MD5 checksum: 2311140 3f9c71aca6faa22a889e2f84ecfd0076\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch2_all.deb\n Size/MD5 checksum: 719938 01bcc6c571f620c957e1ea2b5cacf9f6\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_alpha.deb\n Size/MD5 checksum: 1681634 1f05ece668256dce58fe303801eb80b9\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_amd64.deb\n Size/MD5 checksum: 1415656 6e88dd4c6f56eba87c752369590cf486\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_arm.deb\n Size/MD5 checksum: 1347388 c33f7ed4aed2e8f846975ace01cee97c\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_hppa.deb\n Size/MD5 checksum: 1531224 22ce4a12ec77dae40ab0d064a7caeb9b\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_i386.deb\n Size/MD5 checksum: 1246878 d358565ab725d69a366115ff6ef277c3\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_ia64.deb\n Size/MD5 checksum: 1955390 9327ea2cf8778b8cca45d1ccea8092f7\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mips.deb\n Size/MD5 checksum: 1455582 a415e82fd838b9ce0f5badcdf4278770\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mipsel.deb\n Size/MD5 checksum: 1460546 af16aa91c13c54fa84769e3e30d521f0\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_powerpc.deb\n Size/MD5 checksum: 1379422 e7f92220a37daac49ddb3b0da124b9f7\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_s390.deb\n Size/MD5 checksum: 1482556 87509f6d9afef8940e0b35055f590ed8\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_sparc.deb\n Size/MD5 checksum: 1347908 db02aaf16c68dfac81a509b8145ca001\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "edition": 3, "modified": "2007-05-17T00:00:00", "published": "2007-05-17T00:00:00", "id": "DEBIAN:DSA-1293-1:CF3D9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00049.html", "title": "[SECURITY] [DSA 1293-1] New quagga packages fix denial of service", "type": "debian", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:37", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1995"], "description": " [0.98.3-2.4.0.1]\n - rebuild and nvr fix\n - resolves: #240481: CVE-2007-1995 Quagga bgpd DoS\n \n [0.98.3-2.0.1]\n - resolves: #240481: CVE-2007-1995 Quagga bgpd DoS ", "edition": 4, "modified": "2007-05-30T00:00:00", "published": "2007-05-30T00:00:00", "id": "ELSA-2007-0389", "href": "http://linux.oracle.com/errata/ELSA-2007-0389.html", "title": "Moderate: quagga security update ", "type": "oraclelinux", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1995"], "description": "Quagga is a free software that manages TCP/IP based routing protocol. It takes multi-server and multi-thread approach to resolve the current complexity of the Internet. Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Route Reflector. It is not a toolkit, it provides full routing power under a new architecture. Quagga by design has a process for each protocol. Quagga is a fork of GNU Zebra. ", "modified": "2007-06-06T17:27:02", "published": "2007-06-06T17:27:02", "id": "FEDORA:L56HR2QW011221", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: quagga-0.99.7-1.fc6", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1995"], "description": "Quagga is a free software that manages TCP/IP based routing protocol. It takes multi-server and multi-thread approach to resolve the current complexity of the Internet. Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Route Reflector. It is not a toolkit, it provides full routing power under a new architecture. Quagga by design has a process for each protocol. Quagga is a fork of GNU Zebra. ", "modified": "2007-07-03T16:24:25", "published": "2007-07-03T16:24:25", "id": "FEDORA:L63GOL5B025086", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: quagga-0.99.7-1.fc7", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1995", "CVE-2007-4826"], "description": "Quagga is a free software that manages TCP/IP based routing protocol. It takes multi-server and multi-thread approach to resolve the current complexity of the Internet. Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Route Reflector. It is not a toolkit, it provides full routing power under a new architecture. Quagga by design has a process for each protocol. Quagga is a fork of GNU Zebra. ", "modified": "2007-09-18T19:21:48", "published": "2007-09-18T19:21:48", "id": "FEDORA:L8IJLSDN009715", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: quagga-0.99.9-1.fc7", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-01T04:55:14", "description": "According to its self-reported version number, the installation of\nQuagga's BGP daemon listening on the remote host is affected by a\ndenial of service vulnerability. The issue can be triggered by a\nspecially crafted UPDATE message from an explicitly configured BGP\npeer.", "edition": 26, "published": "2012-06-29T00:00:00", "title": "Quagga < 0.98.7 / 0.99.7 BGPD Denial of Service Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:quagga:quagga"], "id": "QUAGGA_0_99_7.NASL", "href": "https://www.tenable.com/plugins/nessus/59794", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59794);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\"CVE-2007-1995\");\n script_bugtraq_id(23417);\n\n script_name(english:\"Quagga < 0.98.7 / 0.99.7 BGPD Denial of Service Vulnerability\");\n script_summary(english:\"Check the version of Quagga\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service may be affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the installation of\nQuagga's BGP daemon listening on the remote host is affected by a\ndenial of service vulnerability. The issue can be triggered by a\nspecially crafted UPDATE message from an explicitly configured BGP\npeer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.quagga.net/show_bug.cgi?id=354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.quagga.net/show_bug.cgi?id=355\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20100629132657/http://www.quagga.net/download/attic/quagga-0.99.7.changelog.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 0.98.7 / 0.99.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-1995\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:quagga:quagga\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"quagga_zebra_detect.nasl\");\n script_require_keys(\"Quagga/Installed\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp = \"Quagga Zebra\";\nkb = \"Quagga/\";\n\nif (report_paranoia < 2)\n audit(AUDIT_PARANOID);\n\nport = get_kb_item_or_exit(kb + \"Installed\");\n\nkb += port + \"/\";\nbanner = get_kb_item_or_exit(kb + \"Banner\");\nver = get_kb_item_or_exit(kb + \"Version\");\n\nif (ver !~ \"^\\d+(\\.\\d+)*$\")\n audit(AUDIT_NONNUMERIC_VER, app, port, ver);\n\nif (version =~ \"^0\\.98([^0-9]|$)\")\n fix = \"0.98.7\";\nelse\n fix = \"0.99.7\";\n\nif (ver_compare(ver:ver, fix:fix, strict:TRUE) >= 0)\n audit(AUDIT_LISTEN_NOT_VULN, app, port, ver);\n\nreport = NULL;\nif (report_verbosity > 0)\n{\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nsecurity_warning(port:port, extra:report);\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:52:13", "description": "The remote host is affected by the vulnerability described in GLSA-200705-05\n(Quagga: Denial of Service)\n\n The Quagga development team reported a vulnerability in the BGP routing\n deamon when processing NLRI attributes inside UPDATE messages.\n \nImpact :\n\n A malicious peer inside a BGP area could send a specially crafted\n packet to a Quagga instance, possibly resulting in a crash of the\n Quagga daemon.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-05-03T00:00:00", "title": "GLSA-200705-05 : Quagga: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2007-05-03T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:quagga"], "id": "GENTOO_GLSA-200705-05.NASL", "href": "https://www.tenable.com/plugins/nessus/25155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200705-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25155);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-1995\");\n script_bugtraq_id(23417);\n script_xref(name:\"GLSA\", value:\"200705-05\");\n\n script_name(english:\"GLSA-200705-05 : Quagga: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200705-05\n(Quagga: Denial of Service)\n\n The Quagga development team reported a vulnerability in the BGP routing\n deamon when processing NLRI attributes inside UPDATE messages.\n \nImpact :\n\n A malicious peer inside a BGP area could send a specially crafted\n packet to a Quagga instance, possibly resulting in a crash of the\n Quagga daemon.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200705-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Quagga users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/quagga-0.98.6-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/03\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/quagga\", unaffected:make_list(\"ge 0.98.6-r2\"), vulnerable:make_list(\"lt 0.98.6-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Quagga\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:05:49", "description": "An updated quagga package that fixes a security bug is now available\nfor Red Hat Enterprise Linux 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nQuagga is a TCP/IP based routing software suite.\n\nAn out of bounds memory read flaw was discovered in Quagga's bgpd. A\nconfigured peer of bgpd could cause Quagga to crash, leading to a\ndenial of service (CVE-2007-1995).\n\nAll users of Quagga should upgrade to this updated package, which\ncontains a backported patch to correct these issues.", "edition": 28, "published": "2007-06-01T00:00:00", "title": "RHEL 3 / 4 / 5 : quagga (RHSA-2007:0389)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2007-06-01T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:quagga-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:quagga-contrib", "p-cpe:/a:redhat:enterprise_linux:quagga", "cpe:/o:redhat:enterprise_linux:4.5"], "id": "REDHAT-RHSA-2007-0389.NASL", "href": "https://www.tenable.com/plugins/nessus/25363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0389. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25363);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1995\");\n script_bugtraq_id(23417);\n script_xref(name:\"RHSA\", value:\"2007:0389\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : quagga (RHSA-2007:0389)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated quagga package that fixes a security bug is now available\nfor Red Hat Enterprise Linux 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nQuagga is a TCP/IP based routing software suite.\n\nAn out of bounds memory read flaw was discovered in Quagga's bgpd. A\nconfigured peer of bgpd could cause Quagga to crash, leading to a\ndenial of service (CVE-2007-1995).\n\nAll users of Quagga should upgrade to this updated package, which\ncontains a backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0389\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected quagga, quagga-contrib and / or quagga-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:quagga-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0389\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"quagga-0.96.2-12.3E\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"quagga-0.98.3-2.4.0.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"quagga-contrib-0.98.3-2.4.0.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"quagga-devel-0.98.3-2.4.0.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"quagga-0.98.6-2.1.0.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"quagga-0.98.6-2.1.0.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"quagga-0.98.6-2.1.0.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"quagga-contrib-0.98.6-2.1.0.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"quagga-contrib-0.98.6-2.1.0.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"quagga-contrib-0.98.6-2.1.0.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"quagga-devel-0.98.6-2.1.0.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-contrib / quagga-devel\");\n }\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:06:13", "description": "This update contains rebase to quagga-0.99.7 along with fix for\nCVE-2007-1995.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2007-06-07T00:00:00", "title": "Fedora Core 6 : quagga-0.99.7-1.fc6 (2007-525)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2007-06-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:quagga-contrib", "p-cpe:/a:fedoraproject:fedora:quagga", "p-cpe:/a:fedoraproject:fedora:quagga-devel", "cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:quagga-debuginfo"], "id": "FEDORA_2007-525.NASL", "href": "https://www.tenable.com/plugins/nessus/25448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-525.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25448);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2007-525\");\n\n script_name(english:\"Fedora Core 6 : quagga-0.99.7-1.fc6 (2007-525)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update contains rebase to quagga-0.99.7 along with fix for\nCVE-2007-1995.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-June/001852.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f0cc564\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"quagga-0.99.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"quagga-contrib-0.99.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"quagga-debuginfo-0.99.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"quagga-devel-0.99.7-1.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-contrib / quagga-debuginfo / quagga-devel\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:06:03", "description": "Upgrade to new upstream 0.99.7 should also fix the CVE-2007-1995\nQuagga bgpd DoS\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-11-06T00:00:00", "title": "Fedora 7 : quagga-0.99.7-1.fc7 (2007-0838)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2007-11-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:quagga-contrib", "p-cpe:/a:fedoraproject:fedora:quagga", "p-cpe:/a:fedoraproject:fedora:quagga-devel", "cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:quagga-debuginfo"], "id": "FEDORA_2007-0838.NASL", "href": "https://www.tenable.com/plugins/nessus/27682", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-0838.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27682);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-1995\");\n script_xref(name:\"FEDORA\", value:\"2007-0838\");\n\n script_name(english:\"Fedora 7 : quagga-0.99.7-1.fc7 (2007-0838)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrade to new upstream 0.99.7 should also fix the CVE-2007-1995\nQuagga bgpd DoS\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-July/002516.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34800286\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"quagga-0.99.7-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"quagga-contrib-0.99.7-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"quagga-debuginfo-0.99.7-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"quagga-devel-0.99.7-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-contrib / quagga-debuginfo / quagga-devel\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:25:08", "description": "An updated quagga package that fixes a security bug is now available\nfor Red Hat Enterprise Linux 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nQuagga is a TCP/IP based routing software suite.\n\nAn out of bounds memory read flaw was discovered in Quagga's bgpd. A\nconfigured peer of bgpd could cause Quagga to crash, leading to a\ndenial of service (CVE-2007-1995).\n\nAll users of Quagga should upgrade to this updated package, which\ncontains a backported patch to correct these issues.", "edition": 27, "published": "2007-06-01T00:00:00", "title": "CentOS 3 / 4 / 5 : quagga (CESA-2007:0389)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2007-06-01T00:00:00", "cpe": ["p-cpe:/a:centos:centos:quagga-contrib", "p-cpe:/a:centos:centos:quagga-devel", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:quagga", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2007-0389.NASL", "href": "https://www.tenable.com/plugins/nessus/25354", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0389 and \n# CentOS Errata and Security Advisory 2007:0389 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25354);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-1995\");\n script_bugtraq_id(23417);\n script_xref(name:\"RHSA\", value:\"2007:0389\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : quagga (CESA-2007:0389)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated quagga package that fixes a security bug is now available\nfor Red Hat Enterprise Linux 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nQuagga is a TCP/IP based routing software suite.\n\nAn out of bounds memory read flaw was discovered in Quagga's bgpd. A\nconfigured peer of bgpd could cause Quagga to crash, leading to a\ndenial of service (CVE-2007-1995).\n\nAll users of Quagga should upgrade to this updated package, which\ncontains a backported patch to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013825.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?887667e3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013826.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?617cf6bd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013827.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b60bd935\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013828.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0cd5064\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013829.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da5996bc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?598b7f94\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1794d7ba\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-May/013838.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?33f969ed\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:quagga-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"quagga-0.96.2-12.3E\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"quagga-contrib-0.96.2-12.3E\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"quagga-devel-0.96.2-12.3E\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"quagga-0.98.3-2.4.0.1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"quagga-contrib-0.98.3-2.4.0.1.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"quagga-devel-0.98.3-2.4.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"quagga-0.98.6-2.1.0.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"quagga-contrib-0.98.6-2.1.0.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"quagga-devel-0.98.6-2.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-contrib / quagga-devel\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:43:54", "description": "It was discovered that Quagga did not correctly verify length\ninformation sent from configured peers. Remote malicious peers could\nsend a specially crafted UPDATE message which would cause bgpd to\nabort, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 : quagga vulnerability (USN-461-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2007-11-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:quagga-doc", "p-cpe:/a:canonical:ubuntu_linux:quagga", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-461-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-461-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28061);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-1995\");\n script_xref(name:\"USN\", value:\"461-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 : quagga vulnerability (USN-461-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Quagga did not correctly verify length\ninformation sent from configured peers. Remote malicious peers could\nsend a specially crafted UPDATE message which would cause bgpd to\nabort, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/461-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga and / or quagga-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:quagga-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"quagga\", pkgver:\"0.99.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"quagga-doc\", pkgver:\"0.99.2-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"quagga\", pkgver:\"0.99.4-4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"quagga-doc\", pkgver:\"0.99.4-4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"quagga\", pkgver:\"0.99.6-2ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"quagga-doc\", pkgver:\"0.99.6-2ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-doc\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:43:43", "description": "An out of bounds memory read flaw was discovered in Quagga's bgpd. A\nconfigured peer of bgpd could cause Quagga to crash, leading to a\ndenial of service (CVE-2007-1995).", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : quagga on SL5.x, SL4.x, SL3.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20070530_QUAGGA_ON_SL5_X__SL4_X__SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60193);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1995\");\n\n script_name(english:\"Scientific Linux Security Update : quagga on SL5.x, SL4.x, SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out of bounds memory read flaw was discovered in Quagga's bgpd. A\nconfigured peer of bgpd could cause Quagga to crash, leading to a\ndenial of service (CVE-2007-1995).\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=203\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3a7adaf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected quagga, quagga-contrib and / or quagga-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"quagga-0.96.2-12.3E\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"quagga-contrib-0.96.2-12.3E\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"quagga-devel-0.96.2-12.3E\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"quagga-0.98.3-2.4.0.1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"quagga-contrib-0.98.3-2.4.0.1.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"quagga-devel-0.98.3-2.4.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"quagga-0.98.6-2.1.0.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"quagga-contrib-0.98.6-2.1.0.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"quagga-devel-0.98.6-2.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:43:59", "description": "From Red Hat Security Advisory 2007:0389 :\n\nAn updated quagga package that fixes a security bug is now available\nfor Red Hat Enterprise Linux 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nQuagga is a TCP/IP based routing software suite.\n\nAn out of bounds memory read flaw was discovered in Quagga's bgpd. A\nconfigured peer of bgpd could cause Quagga to crash, leading to a\ndenial of service (CVE-2007-1995).\n\nAll users of Quagga should upgrade to this updated package, which\ncontains a backported patch to correct these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : quagga (ELSA-2007-0389)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:quagga", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:quagga-devel", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:quagga-contrib"], "id": "ORACLELINUX_ELSA-2007-0389.NASL", "href": "https://www.tenable.com/plugins/nessus/67506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0389 and \n# Oracle Linux Security Advisory ELSA-2007-0389 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67506);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1995\");\n script_bugtraq_id(23417);\n script_xref(name:\"RHSA\", value:\"2007:0389\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : quagga (ELSA-2007-0389)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0389 :\n\nAn updated quagga package that fixes a security bug is now available\nfor Red Hat Enterprise Linux 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nQuagga is a TCP/IP based routing software suite.\n\nAn out of bounds memory read flaw was discovered in Quagga's bgpd. A\nconfigured peer of bgpd could cause Quagga to crash, leading to a\ndenial of service (CVE-2007-1995).\n\nAll users of Quagga should upgrade to this updated package, which\ncontains a backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000217.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-May/000160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-May/000162.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:quagga-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"quagga-0.96.2-12.3E\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"quagga-0.96.2-12.3E\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"quagga-0.98.3-2.4.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"quagga-0.98.3-2.4.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"quagga-contrib-0.98.3-2.4.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"quagga-contrib-0.98.3-2.4.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"quagga-devel-0.98.3-2.4.0.1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"quagga-devel-0.98.3-2.4.0.1.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"quagga-0.98.6-2.1.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"quagga-contrib-0.98.6-2.1.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"quagga-devel-0.98.6-2.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-contrib / quagga-devel\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:47:01", "description": "Remote attackers could crash quagga via specially crafted 'UPDATE'\nmessages (CVE-2007-1995).", "edition": 25, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : quagga (quagga-3233)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1995"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:quagga-devel", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:quagga"], "id": "SUSE_QUAGGA-3233.NASL", "href": "https://www.tenable.com/plugins/nessus/27417", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update quagga-3233.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27417);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1995\");\n\n script_name(english:\"openSUSE 10 Security Update : quagga (quagga-3233)\");\n script_summary(english:\"Check for the quagga-3233 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could crash quagga via specially crafted 'UPDATE'\nmessages (CVE-2007-1995).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"quagga-0.98.5-17.9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"quagga-devel-0.98.5-17.9.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"quagga-0.98.6-29\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"quagga-devel-0.98.6-29\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-devel\");\n}\n", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:C"}}]}