CVE-2007-4826

Description

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.

Affected products

• Quagga / quagga0.99.8
• Quagga / quagga0.95 – 0.95
• Quagga / quagga0.96 – 0.96
• Quagga / quagga0.96.1 – 0.96.1
• Quagga / quagga0.96.2 – 0.96.2
• Quagga / quagga0.96.3 – 0.96.3
• Quagga / quagga0.96.4 – 0.96.4
• Quagga / quagga0.96.5 – 0.96.5
• Quagga / quagga0.97.0 – 0.97.0
• Quagga / quagga0.97.1 – 0.97.1
• Quagga / quagga0.97.2 – 0.97.2
• Quagga / quagga0.97.3 – 0.97.3
• Quagga / quagga0.97.4 – 0.97.4
• Quagga / quagga0.97.5 – 0.97.5
• Quagga / quagga0.98.0 – 0.98.0
• Quagga / quagga0.98.1 – 0.98.1
• Quagga / quagga0.98.2 – 0.98.2
• Quagga / quagga0.98.3 – 0.98.3
• Quagga / quagga0.98.4 – 0.98.4
• Quagga / quagga0.98.5 – 0.98.5
• Quagga / quagga0.98.6 – 0.98.6
• Quagga / quagga0.99.1 – 0.99.1
• Quagga / quagga0.99.2 – 0.99.2
• Quagga / quagga0.99.3 – 0.99.3
• Quagga / quagga0.99.4 – 0.99.4
• Quagga / quagga0.99.5 – 0.99.5
• Quagga / quagga0.99.6 – 0.99.6
• Quagga / quagga0.99.7 – 0.99.7

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/36551
• MISChttp://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760
• MISChttp://www.quagga.net/download/quagga-0.99.9.changelog.txt
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/1195/references
• VENDOR_ADVISORYhttp://secunia.com/advisories/26744
• MISChttp://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/3129
• VENDOR_ADVISORYhttp://secunia.com/advisories/26863
• MISChttp://www.trustix.org/errata/2007/0028/
• MISChttp://fedoranews.org/updates/FEDORA-2007-219.shtml
• VENDOR_ADVISORYhttp://secunia.com/advisories/29743
• VENDOR_ADVISORYhttp://secunia.com/advisories/26829
• MISChttp://www.redhat.com/support/errata/RHSA-2010-0785.html
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-512-1
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:182
• VENDOR_ADVISORYhttp://www.debian.org/security/2007/dsa-1382
• MISChttp://www.securityfocus.com/bid/25634
• MAILING_LISThttp://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/27049