Advisory ROSA-SA-2021-1960

2021-07-02 18:04:24
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.8 Medium
Confidence: High

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.575 Medium
Percentile: 97.7%

Software: quagga 0.99.22.4
OS: Cobalt 7.9

CVE-ID: CVE-2016-1245
CVE-Crit: CRITICAL
CVE-DESC: It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffers from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ being compatible with the message size; however, BUFSIZ is system-dependent.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-16227
CVE-Crit: HIGH
CVE-DESC: The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because when the AS_PATH size is calculated for long paths, certain bytes are counted twice, which produces an invalid message.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-5495
CVE-Crit: HIGH
CVE-DESC: All versions of Quagga, from 0.93 to 1.1.0, are vulnerable to unbounded memory allocation in the telnet ‘vty’ CLI, resulting in denial of service to Quagga daemons or even the entire host. When Quagga daemons are configured with the telnet command line interface enabled, anyone who can connect to the TCP ports can trigger this vulnerability prior to authentication. Most distributions by default limit Quagga’s telnet interface to local access only. The ‘vty’ input buffer of Quagga’s telnet interface grows without limit until a newline is entered. This allows an attacker to force the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually, the daemon is terminated by the system or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-5378
CVE-Crit: MEDIUM
CVE-DESC: The Quagga BGP daemon (bgpd) before version 1.2.3 does not properly bounds-check the data sent with a NOTIFY to a peer if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer, and/or bgpd may crash.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-5380
CVE-Crit: MEDIUM
CVE-DESC: The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debugging by 1 pointer value, based on input.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-5381
CVE-Crit: HIGH
CVE-DESC: The Quagga BGP daemon (bgpd) before version 1.2.3 has a bug in its parsing of “Capabilities” in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser may enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package  Version       Filename
Cobalt  any      noarch        quagga   < 0.99.22.4   UNKNOWN
