for those who missed it... kind regards,
niko -------- Original Message -------- Subject: Re: [oss-security] CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request Date: Wed, 25 Aug 2010 10:21:59 -0400 From: Josh Bressers <bress...@redhat.com> Reply-To: oss-secur...@lists.openwall.com To: oss-secur...@lists.openwall.com CC: CERT-FI Vulnerability Co-ordination <vulnco...@ficora.fi>, Chris Hall <chris.h...@highwayman.com>, Denis Ovsienko <infrastat...@yandex.ru>, "Steven M. Christey" <co...@linus.mitre.org> ----- "Jan Lieskovsky" <jlies...@redhat.com> wrote: > Hi Steve, vendors, > > Quagga upstream has released latest vQuagga 0.99.17 version, > addressing two security flaws: > > A, Stack buffer overflow by processing certain Route-Refresh messages > > A stack buffer overflow flaw was found in the way Quagga's bgpd daemon > processed Route-Refresh messages. A configured Border Gateway Protocol > (BGP) peer could send a Route-Refresh message with specially-crafted > Outbound Route Filtering (ORF) record, which would cause the master > BGP daemon (bgpd) to crash or, possibly, execute arbitrary code with > the privileges of the user running bgpd. > > Upstream changeset: > [1] > http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3 > > References: > [2] https://bugzilla.redhat.com/show_bug.cgi?id=626783 > [3] http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100 Use CVE-2010-2948 for this one. > > B, DoS (crash) while processing certain BGP update AS path messages > > A NULL pointer dereference flaw was found in the way Quagga's bgpd > daemon parsed paths of autonomous systems (AS). A configured BGP peer > could send a BGP update AS path request with unknown AS type, which > could lead to denial of service (bgpd daemon crash). > > Upstream changeset: > [4] > http://code.quagga.net/?p=quagga.git;a=commit;h=cddb8112b80fa9867156c637d63e6e79eeac67bb > > References: > [5] https://bugzilla.redhat.com/show_bug.cgi?id=626795 > [6] http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100 > Use CVE-2010-2949 for this one. Thanks. -- JB