Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 6 May 2009 12:10:51 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request (sort of): Quagga BGP crasher


======================================================
Name: CVE-2009-1572
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
Reference: MLIST:[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/1
Reference: MLIST:[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/2
Reference: MLIST:[quagga-dev] 20090203 [quagga-dev 6391]  [PATCH] BGP 4-byte ASN bug fixes
Reference: URL:http://marc.info/?l=quagga-dev&m=123364779626078&w=2
Reference: MISC:http://thread.gmane.org/gmane.network.quagga.devel/6513
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
Reference: DEBIAN:DSA-1788
Reference: URL:http://www.debian.org/security/2009/dsa-1788
Reference: BID:34817
Reference: URL:http://www.securityfocus.com/bid/34817
Reference: OSVDB:54200
Reference: URL:http://www.osvdb.org/54200
Reference: SECUNIA:34999
Reference: URL:http://secunia.com/advisories/34999
Reference: XF:quagga-systemnumber-dos(50317)
Reference: URL:http://xforce.iss.net/xforce/xfdb/50317

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote
attackers to cause a denial of service (crash) via an AS path
containing ASN elements whose string representation is longer than
expected, which triggers an assert error.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ