CVE-2007-4826
EPSS 1.5%quagga
Published: 9/12/2007Modified: 6/4/2024
Description
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.
Affected packages (2)
- Debian/quaggafrom 0, < 0.99.9-1
- Debian/quaggafrom 0, < 0.99.5-5etch3
References (19)
- ADVISORYhttp://secunia.com/advisories/26829
- ADVISORYhttp://secunia.com/advisories/26863
- ADVISORYhttp://secunia.com/advisories/27049
- ADVISORYhttp://secunia.com/advisories/29743
- ADVISORYhttp://www.debian.org/security/2007/dsa-1382
- ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:182
- ADVISORYhttp://www.ubuntu.com/usn/usn-512-1
- ADVISORYhttp://www.vupen.com/english/advisories/2007/3129
- ADVISORYhttp://www.vupen.com/english/advisories/2008/1195/references
- PATCHhttp://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760
- PATCHhttp://secunia.com/advisories/26744
- PATCHhttp://www.securityfocus.com/bid/25634
- WEBhttp://fedoranews.org/updates/FEDORA-2007-219.shtml
- WEBhttp://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/36551
- WEBhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1
- WEBhttp://www.quagga.net/download/quagga-0.99.9.changelog.txt
- WEBhttp://www.redhat.com/support/errata/RHSA-2010-0785.html
- WEBhttp://www.trustix.org/errata/2007/0028/