Date: Wed, 6 May 2009 12:10:51 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request (sort of): Quagga BGP crasher

======================================================
Name: CVE-2009-1572
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
Reference: MLIST:[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/1
Reference: MLIST:[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/2
Reference: MLIST:[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes
Reference: URL:http://marc.info/?l=quagga-dev&m=123364779626078&w=2
Reference: MISC:http://thread.gmane.org/gmane.network.quagga.devel/6513
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
Reference: DEBIAN:DSA-1788
Reference: URL:http://www.debian.org/security/2009/dsa-1788
Reference: BID:34817
Reference: URL:http://www.securityfocus.com/bid/34817
Reference: OSVDB:54200
Reference: URL:http://www.osvdb.org/54200
Reference: SECUNIA:34999
Reference: URL:http://secunia.com/advisories/34999
Reference: XF:quagga-systemnumber-dos(50317)
Reference: URL:http://xforce.iss.net/xforce/xfdb/50317

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.