Date: Wed, 6 May 2009 12:10:51 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request (sort of): Quagga BGP crasher


======================================================
Name: CVE-2009-1572
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
Reference: MLIST:[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/1
Reference: MLIST:[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/01/2
Reference: MLIST:[quagga-dev] 20090203 [quagga-dev 6391]  [PATCH] BGP 4-byte ASN bug fixes
Reference: URL:http://marc.info/?l=quagga-dev&m=123364779626078&w=2
Reference: MISC:http://thread.gmane.org/gmane.network.quagga.devel/6513
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
Reference: DEBIAN:DSA-1788
Reference: URL:http://www.debian.org/security/2009/dsa-1788
Reference: BID:34817
Reference: URL:http://www.securityfocus.com/bid/34817
Reference: OSVDB:54200
Reference: URL:http://www.osvdb.org/54200
Reference: SECUNIA:34999
Reference: URL:http://secunia.com/advisories/34999
Reference: XF:quagga-systemnumber-dos(50317)
Reference: URL:http://xforce.iss.net/xforce/xfdb/50317

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote
attackers to cause a denial of service (crash) via an AS path
containing ASN elements whose string representation is longer than
expected, which triggers an assert error.

