Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4826

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2007-4826
Last Modified 31 Mar 2011 12:00:00
Published 12 Sep 2007 06:17:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-4826

Summary

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.

Vulnerable Systems

Application

  • Quagga 0.95

  • Quagga 0.96

  • Quagga 0.96.1

  • Quagga 0.96.2

  • Quagga 0.96.3

  • Quagga 0.96.4

  • Quagga 0.96.5

  • Quagga 0.97.0

  • Quagga 0.97.1

  • Quagga 0.97.2

  • Quagga 0.97.3

  • Quagga 0.97.4

  • Quagga 0.97.5

  • Quagga 0.98.0

  • Quagga 0.98.1

  • Quagga 0.98.2

  • Quagga 0.98.3

  • Quagga 0.98.4

  • Quagga 0.98.5

  • Quagga 0.98.6

  • Quagga 0.99.1

  • Quagga 0.99.2

  • Quagga 0.99.3

  • Quagga 0.99.4

  • Quagga 0.99.5

  • Quagga 0.99.6

  • Quagga 0.99.7

  • Quagga 0.99.8


References

BID - 25634

SECUNIA - 26744

CONFIRM - http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760

XF - quagga-bgpd-dos(36551)

VUPEN - ADV-2008-1195

VUPEN - ADV-2007-3129

UBUNTU - USN-512-1

TRUSTIX - 2007-0028

REDHAT - RHSA-2010:0785

CONFIRM - http://www.quagga.net/download/quagga-0.99.9.changelog.txt

MANDRIVA - MDKSA-2007:182

DEBIAN - DSA-1382

SUNALERT - 236141

SECUNIA - 29743

SECUNIA - 27049

SECUNIA - 26863

SECUNIA - 26829

MLIST - [debian-security-announce] 20071003 [SECURITY] [DSA 1379-1] New quagga packages fix denial of service

FEDORA - FEDORA-2007-2196


Last Updated: 27 May 2016 10:45:58