Vulnerability Details CVE-2009-1572
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://marc.info/?l=quagga-dev&m=123364779626078&w=2
- http://secunia.com/advisories/34999
- http://secunia.com/advisories/35061
- http://secunia.com/advisories/35203
- http://secunia.com/advisories/35685
- http://thread.gmane.org/gmane.network.quagga.devel/6513
- http://www.debian.org/security/2009/dsa-1788
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
- http://www.openwall.com/lists/oss-security/2009/05/01/1
- http://www.openwall.com/lists/oss-security/2009/05/01/2
- http://www.osvdb.org/54200
- http://www.securityfocus.com/bid/34817
- http://www.securitytracker.com/id?1022164
- http://www.ubuntu.com/usn/usn-775-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50317
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://marc.info/?l=quagga-dev&m=123364779626078&w=2
- http://secunia.com/advisories/34999
- http://secunia.com/advisories/35061
- http://secunia.com/advisories/35203
- http://secunia.com/advisories/35685
- http://thread.gmane.org/gmane.network.quagga.devel/6513
- http://www.debian.org/security/2009/dsa-1788
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
- http://www.openwall.com/lists/oss-security/2009/05/01/1
- http://www.openwall.com/lists/oss-security/2009/05/01/2
- http://www.osvdb.org/54200
- http://www.securityfocus.com/bid/34817
- http://www.securitytracker.com/id?1022164
- http://www.ubuntu.com/usn/usn-775-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50317
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html
Products affected by CVE-2009-1572
-
cpe:2.3:a:quagga:quagga:-
-
cpe:2.3:a:quagga:quagga:0.95
-
cpe:2.3:a:quagga:quagga:0.96
-
cpe:2.3:a:quagga:quagga:0.96.1
-
cpe:2.3:a:quagga:quagga:0.96.2
-
cpe:2.3:a:quagga:quagga:0.96.3
-
cpe:2.3:a:quagga:quagga:0.96.4
-
cpe:2.3:a:quagga:quagga:0.96.5
-
cpe:2.3:a:quagga:quagga:0.97.0
-
cpe:2.3:a:quagga:quagga:0.97.1
-
cpe:2.3:a:quagga:quagga:0.97.2
-
cpe:2.3:a:quagga:quagga:0.97.3
-
cpe:2.3:a:quagga:quagga:0.97.4
-
cpe:2.3:a:quagga:quagga:0.97.5
-
cpe:2.3:a:quagga:quagga:0.98.0
-
cpe:2.3:a:quagga:quagga:0.98.1
-
cpe:2.3:a:quagga:quagga:0.98.2
-
cpe:2.3:a:quagga:quagga:0.98.3
-
cpe:2.3:a:quagga:quagga:0.98.4
-
cpe:2.3:a:quagga:quagga:0.98.5
-
cpe:2.3:a:quagga:quagga:0.98.6
-
cpe:2.3:a:quagga:quagga:0.99.1
-
cpe:2.3:a:quagga:quagga:0.99.10
-
cpe:2.3:a:quagga:quagga:0.99.11
-
cpe:2.3:a:quagga:quagga:0.99.2
-
cpe:2.3:a:quagga:quagga:0.99.3
-
cpe:2.3:a:quagga:quagga:0.99.4
-
cpe:2.3:a:quagga:quagga:0.99.5
-
cpe:2.3:a:quagga:quagga:0.99.6
-
cpe:2.3:a:quagga:quagga:0.99.7
-
cpe:2.3:a:quagga:quagga:0.99.8
-
cpe:2.3:a:quagga:quagga:0.99.9