Bug 334303 (CVE-2010-2948) - <net-misc/quagga-0.99.17: Multiple Vulnerabilities (CVE-2010-{2948,2949})
Summary: <net-misc/quagga-0.99.17: Multiple Vulnerabilities (CVE-2010-{2948,2949})
Status: RESOLVED FIXED
Alias: CVE-2010-2948
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa]
Keywords:
Depends on: 311865
Blocks:
Reported: 2010-08-24 15:50 UTC by Tim Sammut (RETIRED)
Modified: 2012-02-21 18:44 UTC

Description Tim Sammut (RETIRED) gentoo-dev 2010-08-24 15:50:20 UTC
A, Stack buffer overflow by processing certain Route-Refresh messages

  A stack buffer overflow flaw was found in the way Quagga's bgpd daemon
  processed Route-Refresh messages. A configured Border Gateway Protocol
  (BGP) peer could send a Route-Refresh message with specially-crafted
  Outbound Route Filtering (ORF) record, which would cause the master BGP
  daemon (bgpd) to crash or, possibly, execute arbitrary code with the
  privileges of the user running bgpd.

  Upstream changeset:
  [1] http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3

  References:
  [2] https://bugzilla.redhat.com/show_bug.cgi?id=626783
  [3] http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100

B, DoS (crash) while processing certain BGP update AS path messages

  A NULL pointer dereference flaw was found in the way Quagga's bgpd daemon
  parsed paths of autonomous systems (AS). A configured BGP peer could send
  a BGP update AS path request with unknown AS type, which could lead to
  denial of service (bgpd daemon crash).

  Upstream changeset:
  [4] http://code.quagga.net/?p=quagga.git;a=commit;h=cddb8112b80fa9867156c637d63e6e79eeac67bb

  References:
  [5] https://bugzilla.redhat.com/show_bug.cgi?id=626795
  [6] http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-08-25 15:32:37 UTC
CVEs assigned.

A, Stack buffer overflow by processing certain Route-Refresh messages

CVE-2010-2948

B, DoS (crash) while processing certain BGP update AS path messages

CVE-2010-2949
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-09-05 16:08:39 UTC
I'll be taking care of the bump; please give me a bit more time though because I actually want to give it a bit of lifting.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-24 20:28:25 UTC
CVE-2010-2948 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948):
  Stack-based buffer overflow in the bgp_route_refresh_receive function
  in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote
  authenticated users to cause a denial of service (daemon crash) or
  possibly execute arbitrary code via a malformed Outbound Route
  Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.

CVE-2010-2949 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949):
  bgpd in Quagga before 0.99.17 does not properly parse AS paths, which
  allows remote attackers to cause a denial of service (NULL pointer
  dereference and daemon crash) via an unknown AS type in an AS path
  attribute in a BGP UPDATE message.
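
An added illustration of the parsing issue behind CVE-2010-2949 as described above (not part of this bug report and not Quagga's code): a bounds-checked walk over an AS_PATH attribute body that rejects unknown segment types instead of passing them on. The name `aspath_validate` and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* AS_PATH segment types: RFC 4271 (1, 2) and RFC 5065 (3, 4). */
enum { AS_SET = 1, AS_SEQUENCE = 2, AS_CONFED_SEQUENCE = 3, AS_CONFED_SET = 4 };

/* Hypothetical helper (not Quagga's API): returns the number of segments in
 * an AS_PATH attribute body, or -1 if malformed. as_size is 2 or 4 octets. */
int aspath_validate(const uint8_t *buf, size_t len, size_t as_size)
{
    size_t off = 0;
    int segments = 0;

    if (as_size != 2 && as_size != 4)
        return -1;
    while (off < len) {
        /* Segment header: 1 octet type, 1 octet count of AS numbers. */
        if (len - off < 2)
            return -1;
        uint8_t type = buf[off];
        uint8_t count = buf[off + 1];
        off += 2;

        /* Unknown segment type: reject the whole attribute. */
        if (type < AS_SET || type > AS_CONFED_SET)
            return -1;
        /* Empty segments and segments running past the attribute are
         * treated as malformed here. */
        if (count == 0 || (size_t)count * as_size > len - off)
            return -1;

        off += (size_t)count * as_size;
        segments++;
    }
    return segments;
}

/* Constructed sample inputs (2-octet AS numbers), not captured traffic. */
static const uint8_t sample_ok[] = { 2, 2, 0xFD, 0xE8, 0xFD, 0xE9, 1, 1, 0xFD, 0xEA };
static const uint8_t sample_bad_type[] = { 2, 1, 0xFD, 0xE8, 9, 1, 0xFD, 0xE9 };
static const uint8_t sample_overrun[] = { 2, 3, 0xFD, 0xE8 };

int main(void)
{
    return (aspath_validate(sample_ok, sizeof sample_ok, 2) == 2 &&
            aspath_validate(sample_bad_type, sizeof sample_bad_type, 2) == -1 &&
            aspath_validate(sample_overrun, sizeof sample_overrun, 2) == -1) ? 0 : 1;
}
```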

Comment 4 Tim Sammut (RETIRED) gentoo-dev 2010-10-08 22:00:55 UTC
(In reply to comment #2)
> I'll be taking care of the bump; please give me a bit more time though because
> I actually want to give it a bit of lifting.
> 

Hi, Diego.

How is your testing going? Should we move forward with stabilization?

thanks!
t
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-08 22:10:37 UTC
Sorry, I forgot to advise here; I've been running 0.99.17 on my home router for a while and all the bugs reported have been fixed, so it's fine for me to mark 0.99.17-r2 stable.
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2010-10-08 22:14:36 UTC
Thanks!

Arches, please test and mark stable:
=net-misc/quagga-0.99.17-r2
Target keywords : "alpha amd64 arm hppa ppc s390 sparc x86"

Comment 7 Tobias Klausmann gentoo-dev 2010-10-09 12:33:13 UTC
Stable on alpha.
Comment 8 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-09 15:04:18 UTC
x86 stable
Comment 9 Markos Chandras (RETIRED) gentoo-dev 2010-10-09 19:06:15 UTC
amd64 done
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2010-10-10 17:06:46 UTC
arm/s390/sparc stable
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2010-10-11 20:17:30 UTC
Stable for HPPA PPC.
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2010-10-11 20:30:23 UTC
Thanks, folks. GLSA request filed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2012-02-21 18:44:18 UTC
This issue was resolved and addressed in
 GLSA 201202-02 at http://security.gentoo.org/glsa/glsa-201202-02.xml
by GLSA coordinator Tim Sammut (underling).