Date: Wed, 6 May 2009 12:10:51 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request (sort of): Quagga BGP crasher
======================================================
Name: CVE-2009-1572
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
Reference: MLIST:[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/1
Reference: MLIST:[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/2
Reference: MLIST:[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes
Reference: URL:http://marc.info/?l=quagga-dev&m=123364779626078&w=2
Reference: MISC:http://thread.gmane.org/gmane.network.quagga.devel/6513
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
Reference: DEBIAN:DSA-1788
Reference: URL:http://www.debian.org/security/2009/dsa-1788
Reference: BID:34817
Reference: URL:http://www.securityfocus.com/bid/34817
Reference: OSVDB:54200
Reference: URL:http://www.osvdb.org/54200
Reference: SECUNIA:34999
Reference: URL:http://secunia.com/advisories/34999
Reference: XF:quagga-systemnumber-dos(50317)
Reference: URL:http://xforce.iss.net/xforce/xfdb/50317

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote
attackers to cause a denial of service (crash) via an AS path
containing ASN elements whose string representation is longer than
expected, which triggers an assert error.