Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 25 Aug 2010 10:21:59 -0400 (EDT)
From: Josh Bressers <>
Cc: CERT-FI Vulnerability Co-ordination <>,
        Chris Hall <>,
        Denis Ovsienko <>,
        "Steven M. Christey" <>
Subject: Re: CVE Request -- Quagga (bgpd) [two ids] -- 1,
 Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr
 deref by parsing certain AS paths by BGP update request

----- "Jan Lieskovsky" <> wrote:

> Hi Steve, vendors,
>    Quagga upstream has released latest vQuagga 0.99.17 version,
>    addressing two security flaws:
> A, Stack buffer overflow by processing certain Route-Refresh messages
>    A stack buffer overflow flaw was found in the way Quagga's bgpd daemon
>    processed Route-Refresh messages. A configured Border Gateway Protocol
>    (BGP) peer could send a Route-Refresh message with specially-crafted
>    Outbound Route Filtering (ORF) record, which would cause the master
>    BGP daemon (bgpd) to crash or, possibly, execute arbitrary code with
>    the privileges of the user running bgpd.
>    Upstream changeset:
>    [1]
>    References:
>    [2]
>    [3]

Use CVE-2010-2948 for this one.

> B, DoS (crash) while processing certain BGP update AS path messages
>    A NULL pointer dereference flaw was found in the way Quagga's bgpd
>    daemon parsed paths of autonomous systems (AS). A configured BGP peer
>    could send a BGP update AS path request with unknown AS type, which
>    could lead to denial of service (bgpd daemon crash).
>    Upstream changeset:
>    [4]
>    References:
>    [5]
>    [6]

Use CVE-2010-2949 for this one.



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ