Quagga Autonomous System Number Remote Denial Of Service Vulnerability
Alpine Linux related: All quagga-0.99.xx packages in Alpine Linux releases up to alpine-1.9.0_alpha9
Severity: Medium
Potential loss type: Availability
Patch available: Yes
Vulnerability description:
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
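The class of defect described above, as an added example that is not Quagga's code and not part of the original advisory: a string buffer sized from a fixed per-ASN estimate, next to a form that sizes from the data and returns an error instead of asserting on peer-supplied input. The 6-byte estimate, the function names and ASN_STR_EST are assumptions made for illustration, and the sample path is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption for illustration (not Quagga's source): 5 digits + 1 separator
 * per element, which only fits 16-bit ASNs (max "65535"). */
#define ASN_STR_EST 6

/* Decimal digits in a 32-bit ASN (1..10). */
static size_t asn_digits(uint32_t asn) {
    size_t d = 1;
    while (asn >= 10) { asn /= 10; d++; }
    return d;
}

/* Exact bytes needed for "a b c" including the terminating NUL. */
size_t aspath_str_needed(const uint32_t *asn, size_t n) {
    size_t need = 1;
    for (size_t i = 0; i < n; i++)
        need += asn_digits(asn[i]) + (i ? 1 : 0);
    return need;
}

/* Weak sizing: 1 when the fixed estimate is too small (where an assert() would abort). */
int fixed_estimate_overruns(const uint32_t *asn, size_t n) {
    return aspath_str_needed(asn, n) > n * ASN_STR_EST + 1;
}

/* Hardened: size from the data, bound every write, and return NULL to the
 * caller instead of asserting on peer-supplied input. */
char *aspath_to_str(const uint32_t *asn, size_t n) {
    size_t need = aspath_str_needed(asn, n), off = 0;
    char *buf = malloc(need);
    if (!buf) return NULL;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(buf + off, need - off, i ? " %u" : "%u", (unsigned)asn[i]);
        if (w < 0 || (size_t)w >= need - off) { free(buf); return NULL; }
        off += (size_t)w;
    }
    return buf;
}

int main(void) {
    uint32_t path[] = {65536u, 4294967295u};   /* constructed sample */
    char *s = aspath_to_str(path, 2);
    printf("overrun=%d len=%zu str=%s\n", fixed_estimate_overruns(path, 2), strlen(s ? s : ""), s ? s : "");
    free(s); return 0;
}
```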
References:
- DEBIAN: http://www.debian.org/security/2009/dsa-1788
- MLIST: http://marc.info/?l=quagga-dev&m=123364779626078&w=2
- CONFIRM: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
- XF: http://xforce.iss.net/xforce/xfdb/50317
- UBUNTU: http://www.ubuntu.com/usn/usn-775-1
- SECTRACK: http://www.securitytracker.com/id?1022164
- BID: http://www.securityfocus.com/bid/34817
- OSVDB: http://www.osvdb.org/54200
- MLIST: http://www.openwall.com/lists/oss-security/2009/05/01/2
- MLIST: http://www.openwall.com/lists/oss-security/2009/05/01/1
- MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
- MISC: http://thread.gmane.org/gmane.network.quagga.devel/6513
- SECUNIA: http://secunia.com/advisories/35061
- SECUNIA: http://secunia.com/advisories/34999
(from redmine: issue id 35, created on 2009-05-21, closed on 2009-06-23)