VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2949
quagga_routing_software_suite: bgpd in Quagga before 0.99.17 does not properly par...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2949

Original

bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-09-10
Source Information Category: Advisory, Alert
Last Updated: 2010-09-13




Affected Product Tags
cpe:/a:quagga:quagga_routing_software_suite:0.95
cpe:/a:quagga:quagga_routing_software_suite:0.96.2
cpe:/a:quagga:quagga_routing_software_suite:0.96.3
cpe:/a:quagga:quagga_routing_software_suite:0.98.5
cpe:/a:quagga:quagga_routing_software_suite:0.98.6
cpe:/a:quagga:quagga_routing_software_suite:0.99.1
cpe:/a:quagga:quagga_routing_software_suite:0.99.10
cpe:/a:quagga:quagga_routing_software_suite:0.99.11
cpe:/a:quagga:quagga_routing_software_suite:0.99.12
cpe:/a:quagga:quagga_routing_software_suite:0.99.13
cpe:/a:quagga:quagga_routing_software_suite:0.99.14
cpe:/a:quagga:quagga_routing_software_suite:0.99.15
cpe:/a:quagga:quagga_routing_software_suite:0.99.16 and previous versions
cpe:/a:quagga:quagga_routing_software_suite:0.99.3
cpe:/a:quagga:quagga_routing_software_suite:0.99.4
cpe:/a:quagga:quagga_routing_software_suite:0.99.5
cpe:/a:quagga:quagga_routing_software_suite:0.99.6
cpe:/a:quagga:quagga_routing_software_suite:0.99.7
cpe:/a:quagga:quagga_routing_software_suite:0.99.8
cpe:/a:quagga:quagga_routing_software_suite:0.99.9
 


Vulnerability Analysis Results
[Access Vector]
Undefined

Local
Adjacent Network
X Network

[Access Complexity]
Undefined

High
Medium
X Low

[Authentication]
Undefined

Multiple
Single
X None

[Confidentiality Impact]
Undefined

X None
Partial
Complete

[Integrity Impact]
Undefined

X None
Partial
Complete

[Availability Impact]
Undefined

None
X Partial
Complete

Alternatives




References
BID 42642
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=626795
CONFIRM http://www.quagga.net/news2.php?y=2010&m=8&d=19
CONFIRM http://code.quagga.net/?p=quagga.git;a=commit;h=cddb8112b80fa9867156c637d63e6e79eeac67bb
DEBIAN DSA-2104
MLIST [oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request
MLIST [oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request
SECUNIA 41238
SECUNIA 41038
VUPEN ADV-2010-2304




Vulnerability Type: Other (NVD-CWE-Other)





Copyright © 2010 JPCERT/CC All Rights Reserved.