Quagga vulnerabilities

2011-03-2900:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.169 Low

EPSS

Percentile

96.1%

JSON

Releases

Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 8.04
Ubuntu 6.06

Packages

quagga - BGP/OSPF/RIP routing daemon

Details

It was discovered that Quagga incorrectly parsed certain malformed extended
communities. A remote attacker could use this flaw to cause Quagga to
crash, resulting in a denial of service. (CVE-2010-1674)

It was discovered that Quagga resets BGP sessions when encountering
malformed AS_PATHLIMIT attributes. A remote attacker could use this flaw to
disrupt BGP sessions, resulting in a denial of service. This update removes
AS_PATHLIMIT support from Quagga. This issue only affected Ubuntu 8.04 LTS,
9.10, 10.04 LTS and 10.10. (CVE-2010-1675)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchquagga< 0.99.13-1ubuntu0.2UNKNOWN
Ubuntu8.04noarchquagga< 0.99.9-2ubuntu1.5UNKNOWN
Ubuntu6.06noarchquagga< 0.99.2-1ubuntu3.8UNKNOWN
Ubuntu10.10noarchquagga< 0.99.17-1ubuntu0.1UNKNOWN
Ubuntu10.04noarchquagga< 0.99.15-1ubuntu0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.10	noarch	quagga	< 0.99.13-1ubuntu0.2	UNKNOWN
Ubuntu	8.04	noarch	quagga	< 0.99.9-2ubuntu1.5	UNKNOWN
Ubuntu	6.06	noarch	quagga	< 0.99.2-1ubuntu3.8	UNKNOWN
Ubuntu	10.10	noarch	quagga	< 0.99.17-1ubuntu0.1	UNKNOWN
Ubuntu	10.04	noarch	quagga	< 0.99.15-1ubuntu0.2	UNKNOWN