Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2009 E-Soft Inc. http://www.securityspace.comOPENVAS:63951
HistoryMay 11, 2009 - 12:00 a.m.

Mandrake Security Advisory MDVSA-2009:109 (quagga)

2009-05-1100:00:00
Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
3

0.109 Low

EPSS

Percentile

94.5%

JSON

The remote host is missing an update to quagga
announced via advisory MDVSA-2009:109.

# OpenVAS Vulnerability Test
# $Id: mdksa_2009_109.nasl 6587 2017-07-07 06:35:35Z cfischer $
# Description: Auto-generated from advisory MDVSA-2009:109 (quagga)
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote
attackers to cause a denial of service (crash) via an AS path
containing ASN elements whose string representation is longer than
expected, which triggers an assert error (CVE-2009-1572).

Updated packages are available that bring Quagga to version 0.99.12
which provides numerous bugfixes over the previous 0.99.9 version,
and also corrects this issue.

Affected: Corporate 4.0";
tag_solution = "To upgrade automatically use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:109";
tag_summary = "The remote host is missing an update to quagga
announced via advisory MDVSA-2009:109.";

                                                                                

if(description)
{
 script_id(63951);
 script_version("$Revision: 6587 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)");
 script_cve_id("CVE-2009-1572");
 script_tag(name:"cvss_base", value:"5.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_name("Mandrake Security Advisory MDVSA-2009:109 (quagga)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
 script_family("Mandrake Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/rpms");
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-rpm.inc");

res = "";
report = "";
if ((res = isrpmvuln(pkg:"libquagga0", rpm:"libquagga0~0.99.12~0.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"libquagga0-devel", rpm:"libquagga0-devel~0.99.12~0.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"quagga", rpm:"quagga~0.99.12~0.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"quagga-contrib", rpm:"quagga-contrib~0.99.12~0.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"lib64quagga0", rpm:"lib64quagga0~0.99.12~0.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"lib64quagga0-devel", rpm:"lib64quagga0-devel~0.99.12~0.1.20060mlcs4", rls:"MNDK_4.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

Related

fedora 2
openvas 24
prion 1
nessus 13
debiancve 1
cve 1
freebsd 1
ubuntu 1
ubuntucve 1
fedora
fedora
[SECURITY] Fedora 10 Update: quagga-0.99.12-1.fc10
2009-05-21 23:23:53
[SECURITY] Fedora 11 Update: quagga-0.99.12-1.fc11
2009-05-21 23:31:01
openvas
openvas
SLES11: Security update for quagga
2009-10-11 00:00:00
Fedora Core 10 FEDORA-2009-5284 (quagga)
2009-05-25 00:00:00
FreeBSD Ports: quagga
2009-05-11 00:00:00
prion
prion
Design/Logic Flaw
2009-05-06 17:30:00
nessus
nessus
FreeBSD : quagga -- Denial of Service (2748fdde-3a3c-11de-bbc5-00e0815b8da8)
2009-05-07 00:00:00
Debian DSA-1788-1 : quagga - improper assertion
2009-05-06 00:00:00
Quagga < 0.99.12 BGPD Denial of Service Vulnerability
2012-06-29 00:00:00
debiancve
debiancve
CVE-2009-1572
2009-05-06 17:30:00
cve
cve
CVE-2009-1572
2009-05-06 17:30:00
freebsd
freebsd
quagga -- Denial of Service
2009-05-04 00:00:00
ubuntu
ubuntu
Quagga vulnerability
2009-05-12 00:00:00
ubuntucve
ubuntucve
CVE-2009-1572
2009-05-06 00:00:00

0.109 Low

EPSS

Percentile

94.5%

JSON
Related for OPENVAS:63951
fedora2openvas24prion1nessus13debiancve1cve1freebsd1ubuntu1ubuntucve1