Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 673
    • Issues 673
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 173
    • Merge Requests 173
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpine
  • aportsaports
  • Issues
  • #35

Closed
Open
Opened May 21, 2009 by iilluzion _@iilluzion

Quagga Autonomous System Number Remote Denial Of Service Vulnerability

Alpine Linux related: All quagga-0.99.xx packages in Alpine Linux releases up to alpine-1.9.0_alpha9

Severity: Medium
Potential loss type: Availability
Patch available: Yes

Vulnerability description:

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.

References:

  • DEBIAN: http://www.debian.org/security/2009/dsa-1788
  • MLIST: http://marc.info/?l=quagga-dev&m=123364779626078&w=2
  • CONFIRM: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
  • XF: http://xforce.iss.net/xforce/xfdb/50317
  • UBUNTU: http://www.ubuntu.com/usn/usn-775-1
  • SECTRACK: http://www.securitytracker.com/id?1022164
  • BID: http://www.securityfocus.com/bid/34817
  • OSVDB: http://www.osvdb.org/54200
  • MLIST: http://www.openwall.com/lists/oss-security/2009/05/01/2
  • MLIST: http://www.openwall.com/lists/oss-security/2009/05/01/1
  • MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
  • MISC: http://thread.gmane.org/gmane.network.quagga.devel/6513
  • SECUNIA: http://secunia.com/advisories/35061
  • SECUNIA: http://secunia.com/advisories/34999

(from redmine: issue id 35, created on 2009-05-21, closed on 2009-06-23)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
May 28, 2009
Due date
May 28, 2009
Reference: alpine/aports#35