174206 – (CVE-2007-1995) net-misc/quagga DoS (CVE-2007-1995)

Bug 174206 (CVE-2007-1995) - net-misc/quagga DoS (CVE-2007-1995)

Summary: net-misc/quagga DoS (CVE-2007-1995)

Status:	RESOLVED FIXED

Alias:	CVE-2007-1995

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.quagga.net/news2.php?y=200...
Whiteboard:	B3 [glsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2007-04-11 20:10 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2008-04-23 15:49 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-04-11 20:10:46 UTC

2007-04-08: Security: DoS in bgpd if configured peer sends crafted packet 
The bgpd daemon is vulnerable to a Denial-of-Service. Configured peers may cause a Quagga bgpd to, typically, assert() and abort. The DoS may be triggered by peers by sending an UPDATE message with a crafted, malformed Multi-Protocol reachable/unreachable NLRI attribute. Further details, and a proposed fix for Quagga 0.99 are available in Bug #354.

Comment 1 Alin Năstac (RETIRED) gentoo-dev

2007-04-12 07:41:11 UTC

Fixed in quagga-0.98.6-r2 and quagga-0.99.6-r1.

Only quagga-0.98.6-r2 needs to be stabilized, the other being the development version (has only ~arch keywords).

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-04-12 09:21:56 UTC

Arches please test and mark stable. Target keywords are:

quagga-0.98.6-r2.ebuild:KEYWORDS="alpha ~amd64 ~arm hppa ppc ~s390 sparc x86"

Comment 3 Christian Faulhammer (RETIRED) gentoo-dev

2007-04-12 10:35:29 UTC

x86 stable

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2007-04-12 21:13:18 UTC

Stable for HPPA.

Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev

2007-04-13 14:42:16 UTC

sparc stable.

Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev

2007-04-13 16:32:44 UTC

ppc stable

Comment 7 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev

2007-04-14 14:28:35 UTC

alpha stable. security, ready for you guys.

Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-04-14 14:51:08 UTC

This one is ready for GLSA decision. I tend to vote NO.

Comment 9 Daniel Black (RETIRED) gentoo-dev

2007-04-20 09:28:17 UTC

no here too.

Comment 10 Matthias Geerdsen (RETIRED) gentoo-dev

2007-04-23 15:23:07 UTC

kinda tend to vote yes

Comment 11 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-04-23 20:01:05 UTC

i vote yes since the issue seems not so difficult to trigger. Let's have one then.

Comment 12 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-04-27 21:45:58 UTC

(In reply to comment #7)
> alpha stable. security, ready for you guys.
> 

errr.. don't forget to commit it :)

Comment 13 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev

2007-04-30 09:02:58 UTC

(In reply to comment #12)
> (In reply to comment #7)
> > alpha stable. security, ready for you guys.
> > 
> 
> errr.. don't forget to commit it :)
> 

Grrr .... Sorry guys, I was on holidays. Now it's done.

Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-02 11:34:16 UTC

GLSA 200705-05