Vulnerability Details CVE-2009-1572
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.112
EPSS Ranking 93.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://marc.info/?l=quagga-dev&m=123364779626078&w=2
- http://secunia.com/advisories/34999
- http://secunia.com/advisories/35061
- http://secunia.com/advisories/35203
- http://secunia.com/advisories/35685
- http://thread.gmane.org/gmane.network.quagga.devel/6513
- http://www.debian.org/security/2009/dsa-1788
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
- http://www.openwall.com/lists/oss-security/2009/05/01/1
- http://www.openwall.com/lists/oss-security/2009/05/01/2
- http://www.osvdb.org/54200
- http://www.securityfocus.com/bid/34817
- http://www.securitytracker.com/id?1022164
- http://www.ubuntu.com/usn/usn-775-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50317
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://marc.info/?l=quagga-dev&m=123364779626078&w=2
- http://secunia.com/advisories/34999
- http://secunia.com/advisories/35061
- http://secunia.com/advisories/35203
- http://secunia.com/advisories/35685
- http://thread.gmane.org/gmane.network.quagga.devel/6513
- http://www.debian.org/security/2009/dsa-1788
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
- http://www.openwall.com/lists/oss-security/2009/05/01/1
- http://www.openwall.com/lists/oss-security/2009/05/01/2
- http://www.osvdb.org/54200
- http://www.securityfocus.com/bid/34817
- http://www.securitytracker.com/id?1022164
- http://www.ubuntu.com/usn/usn-775-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50317
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html
Products affected by CVE-2009-1572
-
cpe:2.3:a:quagga:quagga:-
-
cpe:2.3:a:quagga:quagga:0.95
-
cpe:2.3:a:quagga:quagga:0.96
-
cpe:2.3:a:quagga:quagga:0.96.1
-
cpe:2.3:a:quagga:quagga:0.96.2
-
cpe:2.3:a:quagga:quagga:0.96.3
-
cpe:2.3:a:quagga:quagga:0.96.4
-
cpe:2.3:a:quagga:quagga:0.96.5
-
cpe:2.3:a:quagga:quagga:0.97.0
-
cpe:2.3:a:quagga:quagga:0.97.1
-
cpe:2.3:a:quagga:quagga:0.97.2
-
cpe:2.3:a:quagga:quagga:0.97.3
-
cpe:2.3:a:quagga:quagga:0.97.4
-
cpe:2.3:a:quagga:quagga:0.97.5
-
cpe:2.3:a:quagga:quagga:0.98.0
-
cpe:2.3:a:quagga:quagga:0.98.1
-
cpe:2.3:a:quagga:quagga:0.98.2
-
cpe:2.3:a:quagga:quagga:0.98.3
-
cpe:2.3:a:quagga:quagga:0.98.4
-
cpe:2.3:a:quagga:quagga:0.98.5
-
cpe:2.3:a:quagga:quagga:0.98.6
-
cpe:2.3:a:quagga:quagga:0.99.1
-
cpe:2.3:a:quagga:quagga:0.99.10
-
cpe:2.3:a:quagga:quagga:0.99.11
-
cpe:2.3:a:quagga:quagga:0.99.2
-
cpe:2.3:a:quagga:quagga:0.99.3
-
cpe:2.3:a:quagga:quagga:0.99.4
-
cpe:2.3:a:quagga:quagga:0.99.5
-
cpe:2.3:a:quagga:quagga:0.99.6
-
cpe:2.3:a:quagga:quagga:0.99.7
-
cpe:2.3:a:quagga:quagga:0.99.8
-
cpe:2.3:a:quagga:quagga:0.99.9