FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1572

This CVE name corresponds to:

Entered     Topic
2009-05-06  quagga -- Denial of Service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2009-1572
Phase  Assigned (20090506)

Description

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.

References

Source    Reference
MLIST     [oss-security] 20090501 CVE request (sort of): Quagga BGP crasher
MLIST     [oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher
MLIST     [quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes
MISC      http://thread.gmane.org/gmane.network.quagga.devel/6513
CONFIRM   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
DEBIAN    DSA-1788
FEDORA    FEDORA-2009-5284
FEDORA    FEDORA-2009-5324
MANDRIVA  MDVSA-2009:109
SUSE      SUSE-SR:2009:012
UBUNTU    USN-775-1
BID       34817
OSVDB     54200
SECTRACK  1022164
SECUNIA   34999
SECUNIA   35061
SECUNIA   35203
SECUNIA   35685
XF        quagga-systemnumber-dos(50317)