OpenPKG Security Advisory
OpenPKG-SA-2007.015
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.015 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.015 Advisory Published: 2008-08-07 22:03 UTC Issue Id (internal): OpenPKG-SI-20070518.01 Issue First Created: 2007-05-18 Issue Last Modified: 2007-05-18 Issue Revision: 02
Subject Name: Quagga Subject Summary: Routing Daemon Subject Home: http://www.quagga.net/ Subject Versions: * <= 0.99.6 Vulnerability Id: CVE-2007-1995 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: denial of service Description: A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga [0], versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute [1]. References: [0] http://www.quagga.net/ [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995
Primary Package Name: quagga Primary Package Home: http://openpkg.org/go/package/quagga Affected Distribution: Affected Branch: Affected Package: OpenPKG Enterprise E1.0-SOLID quagga-0.99.5-E1.0.0 OpenPKG Community CURRENT quagga-0.99.6-20061209 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID quagga-0.99.5-E1.0.1 OpenPKG Community CURRENT quagga-0.99.7-20070430
