[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1572Date: (C)2009-05-06   (M)2023-12-22


The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1022164
BID-34817
SECUNIA-34999
SECUNIA-35061
SECUNIA-35203
SECUNIA-35685
OSVDB-54200
DSA-1788
FEDORA-2009-5284
FEDORA-2009-5324
MDVSA-2009:109
SUSE-SR:2009:012
USN-775-1
http://www.openwall.com/lists/oss-security/2009/05/01/1
http://www.openwall.com/lists/oss-security/2009/05/01/2
http://marc.info/?l=quagga-dev&m=123364779626078&w=2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
http://thread.gmane.org/gmane.network.quagga.devel/6513
quagga-systemnumber-dos(50317)

CPE    31
cpe:/a:quagga:quagga:0.99.10
cpe:/a:quagga:quagga:0.96
cpe:/a:quagga:quagga:0.95
cpe:/a:quagga:quagga:0.99.9
...
OVAL    7
oval:org.secpod.oval:def:700331
oval:org.secpod.oval:def:600394
oval:org.secpod.oval:def:102495
oval:org.secpod.oval:def:101432
...

© SecPod Technologies