Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 134003 - net/misc quagga multible vulnerability's
Summary: net/misc quagga multible vulnerability's
Status: RESOLVED DUPLICATE of bug 132353
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/17979
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-05-22 00:20 UTC by Dax
Modified: 2006-05-22 00:42 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dax 2006-05-22 00:20:20 UTC 
hi all,


Quagga BGPD Local Denial Of Service Vulnerability

Quagga is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue by using commands that cause the consumption of a large amount of CPU resources.

An attacker may cause the application to crash, thus denying service to legitimate users.

Version 0.98.3 is vulnerable; other versions may also be affected.

########

Quagga Information Disclosure and Route Injection Vulnerabilities

Quagga is susceptible to remote information-disclosure and route-injection vulnerabilities. The application fails to properly ensure that required authentication and protocol configuration options are enforced.

These issues allow remote attackers to gain access to potentially sensitive network-routing configuration information and to inject arbitrary routes into the RIP routing table. This may aid malicious users in further attacks against targeted networks.

Quagga versions 0.98.5 and 0.99.3 are vulnerable to these issues; other versions may also be affected.

Rgds
Daxomatic
Comment 1 Dax 2006-05-22 00:42:55 UTC 

*** This bug has been marked as a duplicate of 132353 ***