Executive Summary
Summary | |
---|---|
Title | Quagga vulnerability |
Information | |||
---|---|---|---|
Name | USN-512-1 | First vendor Publication | 2007-09-15 |
Vendor | Ubuntu | Last vendor Modification | 2007-09-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 3.5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
Ubuntu 6.10:
Ubuntu 7.04:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that Quagga did not correctly verify OPEN messages or COMMUNITY attributes sent from configured peers. Malicious authenticated remote peers could send a specially crafted message which would cause bgpd to abort, leading to a denial of service.
Original Source
Url : http://www.ubuntu.com/usn/USN-512-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17555 | |||
Oval ID: | oval:org.mitre.oval:def:17555 | ||
Title: | USN-512-1 -- quagga vulnerability | ||
Description: | It was discovered that Quagga did not correctly verify OPEN messages or COMMUNITY attributes sent from configured peers. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-512-1 CVE-2007-4826 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | quagga |
Definition Id: oval:org.mitre.oval:def:20392 | |||
Oval ID: | oval:org.mitre.oval:def:20392 | ||
Title: | DSA-1382-1 quagga | ||
Description: | It was discovered that BGP peers can trigger a NULL pointer dereference in the BGP daemon if debug logging is enabled, causing the BGP daemon to crash. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1382-1 CVE-2007-4826 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | quagga |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for quagga CESA-2010:0785 centos5 i386 File : nvt/gb_CESA-2010_0785_quagga_centos5_i386.nasl |
2010-11-04 | Name : CentOS Update for quagga CESA-2010:0785 centos4 i386 File : nvt/gb_CESA-2010_0785_quagga_centos4_i386.nasl |
2010-10-22 | Name : RedHat Update for quagga RHSA-2010:0785-01 File : nvt/gb_RHSA-2010_0785-01_quagga.nasl |
2009-03-23 | Name : Ubuntu Update for quagga vulnerability USN-512-1 File : nvt/gb_ubuntu_USN_512_1.nasl |
2009-02-27 | Name : Fedora Update for quagga FEDORA-2007-2196 File : nvt/gb_fedora_2007_2196_quagga_fc7.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40494 | Quagga bgpd Malformed COMMUNITY Attribute Handling DoS |
40493 | Quagga bgpd Malformed OPEN Message Handling DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_quagga_20120404.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0785.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101020_quagga_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote service may be affected by multiple denial of service vulnerabilit... File : quagga_0_99_9.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0785.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0785.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-512-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2196.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1382.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:04:37 | |