Miembros de
Boletines de Vulnerabilidades |
Denegación de servicio en Quaga |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Denegación de Servicio |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | Networking |
| Software afectado | Quagga < 0.99.9 |
Descripción |
|
|
Se ha encontrado una vulnerabilidad en Quagga en las versiones anteriores a la 0.99.9. La vulnerabilidad reside en un error en el demonio bgpd. Un BGP peer remoto podría causar una denegación de servicio mediante un mensaje OPEN especialmente diseñado o mediante el atributo COMMUNITY. |
|
Solución |
|
|
Actualización de software Mandriva (MDKSA-2007:182) Corporate Server 4.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libquagga0-0.99.9-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/libquagga0-devel-0.99.9-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/quagga-0.99.9-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/quagga-contrib-0.99.9-0.1.20060mlcs4.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/quagga-0.99.9-0.1.20060mlcs4.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64quagga0-0.99.9-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/lib64quagga0-devel-0.99.9-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/quagga-0.99.9-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/quagga-contrib-0.99.9-0.1.20060mlcs4.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/quagga-0.99.9-0.1.20060mlcs4.src.rpm Debian (DSA 1379-1) Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.diff.gz http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.dsc Architecture independent http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.5_all.deb alpha http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_alpha.deb amd64 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_amd64.deb arm http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_arm.deb hppa http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_hppa.deb i386 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_i386.deb ia64 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_ia64.deb m68k http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_m68k.deb mips http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mips.deb mipsel http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mipsel.deb powerpc http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_powerpc.deb s390 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_s390.deb sparc http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_sparc.deb Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.dsc http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.diff.gz Architecture independent http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch3_all.deb alpha http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_alpha.deb amd64 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_amd64.deb arm http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_arm.deb hppa http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_hppa.deb i386 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_i386.deb ia64 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_ia64.deb mips http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mips.deb mipsel http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mipsel.deb powerpc http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_powerpc.deb s390 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_s390.deb sparc http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_sparc.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2007-4826 |
| BID | 25634 |
Recursos adicionales |
|
|
Mandriva Security Advisory (MDKSA-2007:182) http://www.mandriva.com/security/advisories?name=MDKSA-2007:182 Debian Security Advisory (DSA 1379-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2007-09-14 |
| 1.1 | Aviso emitido por Debian (DSA 1379-1) | 2007-10-04 |