ID

VAR-200709-0225


CVE

CVE-2007-4826


TITLE

Quagga of bgpd Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-001159

DESCRIPTION

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. Quagga Routing Suite is prone to a multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. These issues affect versions prior to Quagga Routing Suite 0.99.9. Updated packages are available that bring Quagga to version 0.99.9 which provides numerous bugfixes over the previous 0.99.3 version, and also correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4826 _______________________________________________________________________ Updated Packages: Corporate 4.0: ab6e0e1d280a6945ce7a5b47d908181c corporate/4.0/i586/libquagga0-0.99.9-0.1.20060mlcs4.i586.rpm f0744b4772d1d15dc5d02d0642e5f0da corporate/4.0/i586/libquagga0-devel-0.99.9-0.1.20060mlcs4.i586.rpm 6d5921788f7a5c169f053013fa4dd0c5 corporate/4.0/i586/quagga-0.99.9-0.1.20060mlcs4.i586.rpm cde3640e96e96e47384181a940a9e8c1 corporate/4.0/i586/quagga-contrib-0.99.9-0.1.20060mlcs4.i586.rpm 5e64b02beff305ba5a37272e13592739 corporate/4.0/SRPMS/quagga-0.99.9-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 24474feed270055ce5e5ed096c227e50 corporate/4.0/x86_64/lib64quagga0-0.99.9-0.1.20060mlcs4.x86_64.rpm cac13525b2e2935e314fe8a8a0dd1626 corporate/4.0/x86_64/lib64quagga0-devel-0.99.9-0.1.20060mlcs4.x86_64.rpm dcb01be5184742e412f99f5fa601f7a7 corporate/4.0/x86_64/quagga-0.99.9-0.1.20060mlcs4.x86_64.rpm c8978f69636129050debd2e721bba887 corporate/4.0/x86_64/quagga-contrib-0.99.9-0.1.20060mlcs4.x86_64.rpm 5e64b02beff305ba5a37272e13592739 corporate/4.0/SRPMS/quagga-0.99.9-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFG6WgbmqjQ0CJFipgRAoPJAJ9gZxTHQMiR/Z+WjwIErpa/JmMQRwCg4Ckf bzjs45A3TRaGLqsKFHZ9qqQ= =PJRI -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz Size/MD5 checksum: 2118348 68be5e911e4d604c0f5959338263356e http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.diff.gz Size/MD5 checksum: 43910 8bfd06c851172358137d7b67d5f90490 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.dsc Size/MD5 checksum: 1017 69dc4e5de4de00ec723ecaad6f285af8 Architecture independent packages: http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.5_all.deb Size/MD5 checksum: 488996 4f150df3d0d7c1b26d648590ac02541a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_alpha.deb Size/MD5 checksum: 1613894 c0064c06d8eeed92b7607bc9d1c03c0f amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_amd64.deb Size/MD5 checksum: 1413484 399d4fe967343eb586eb4f17348d2f4b arm architecture (ARM) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_arm.deb Size/MD5 checksum: 1291326 cc876fbb2cf8e3602cde4ea1e93e75e0 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_hppa.deb Size/MD5 checksum: 1447854 ae9502f1d97de52c875f0eb82ab8cf3e i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_i386.deb Size/MD5 checksum: 1192432 e3057ed965a580381e7c15dc430df295 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_ia64.deb Size/MD5 checksum: 1829272 e182c3ae76fe84b9b041498aef8807ee m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_m68k.deb Size/MD5 checksum: 1159818 487dd9883427b87d886674996e6850a1 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mips.deb Size/MD5 checksum: 1353182 411564875b0ecb39ffd166865392ed7b mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mipsel.deb Size/MD5 checksum: 1356062 b828e6228e2b8389d61de6b97c1b6b56 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_powerpc.deb Size/MD5 checksum: 1317460 927a1768a1e2449981c0159d974658e8 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_s390.deb Size/MD5 checksum: 1401842 e30e4afa3570324cb913ae0b746f49a3 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_sparc.deb Size/MD5 checksum: 1287860 17ad533f4dfc7b184812ad7634bf215f -- Debian GNU/Linux 4.0 alias etch -- Source archives: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz Size/MD5 checksum: 2311140 3f9c71aca6faa22a889e2f84ecfd0076 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.dsc Size/MD5 checksum: 1046 3a36e812322157de715626cbe04c519f http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.diff.gz Size/MD5 checksum: 33551 0de3c5021dbed0e4739f88b6f00a9c59 Architecture independent packages: http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch3_all.deb Size/MD5 checksum: 720288 2bafee611f8a75fedc07be2224f90922 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_alpha.deb Size/MD5 checksum: 1681786 b98d10ce3b2906b13031f9d09fcdde3c amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_amd64.deb Size/MD5 checksum: 1414716 00846f88e7df3db61001d54fd5647d23 arm architecture (ARM) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_arm.deb Size/MD5 checksum: 1349946 5e8c58f59352222caf345fbf3f1551de hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_hppa.deb Size/MD5 checksum: 1531350 54a89d669ab617597c7abf53eb7c3e6a i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_i386.deb Size/MD5 checksum: 1247076 6334fa5dd1344e6be4bfe77d8f5efba7 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_ia64.deb Size/MD5 checksum: 1955634 6b98821ad60bd0a757b274488f92a50d mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mips.deb Size/MD5 checksum: 1455714 1b8e171cb0b8dd1d5643f4960fb227de mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mipsel.deb Size/MD5 checksum: 1460804 4bbd130c9419f69f6c759c80ec672352 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_powerpc.deb Size/MD5 checksum: 1379640 a0c25edb50d2b0c3ddbcacf96a702b29 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_s390.deb Size/MD5 checksum: 1482930 e22c407cb6fdf8071799d3891de4c12c sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_sparc.deb Size/MD5 checksum: 1348064 843f3b9bcfc7f25f1fe096a0c0f46793 -- Debian GNU/Linux unstable alias sid -- Fixed in version 0.99.9-1. =========================================================== Ubuntu Security Notice USN-512-1 September 15, 2007 quagga vulnerability CVE-2007-4826 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.3 Ubuntu 6.10: quagga 0.99.4-4ubuntu1.2 Ubuntu 7.04: quagga 0.99.6-2ubuntu3.2 In general, a standard system upgrade is sufficient to affect the necessary changes. ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta 15 days left of beta period. The 1st generation of the Secunia Network Software Inspector (NSI) has been available for corporate users for almost 1 year and its been a tremendous success. The 2nd generation Secunia NSI is built on the same technology as the award winning Secunia PSI, which has already been downloaded and installed on more than 400,000 computers world wide. For more information: SA24808 SA26744 The vulnerabilities have been reported in GNU Zebra and Quagga BGP Routing Daemon included in Solaris 10 for both the SPARC and x86 platforms. SOLUTION: Apply patches. -- SPARC Platform -- Apply patch 126206-04 or later. -- x86 Platform -- Apply patch 126207-04 or later. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Quagga Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA26744 VERIFY ADVISORY: http://secunia.com/advisories/26744/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote SOFTWARE: Quagga 0.x http://secunia.com/product/4731/ DESCRIPTION: Some vulnerabilities have been reported in Quagga, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerabilities are caused due to bgpd improperly handling messages and attributes sent by peers. This can be exploited to crash bgpd by sending a specially crafted "OPEN" message or a specially crafted "COMMUNITY" attribute to the affected server. Successful exploitation requires that the attacker is configured as peer of the victim system, and that the debugging of BGP updates is on. The vulnerabilities are reported in versions prior to 0.99.9. SOLUTION: Fixed in unstable version 0.99.9. Connect to trusted peers only. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mu Security. ORIGINAL ADVISORY: http://www.quagga.net/download/quagga-0.99.9.changelog.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2007-4826 // JVNDB: JVNDB-2007-001159 // BID: 25634 // PACKETSTORM: 59307 // PACKETSTORM: 59758 // PACKETSTORM: 59371 // PACKETSTORM: 59341 // PACKETSTORM: 65543 // PACKETSTORM: 59220 // PACKETSTORM: 59440

AFFECTED PRODUCTS

vendor:quaggamodel:quaggascope:lteversion:0.99.8

Trust: 1.8

vendor:quaggamodel:quaggascope:eqversion:0.97.5

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.97.2

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.98.0

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.98.3

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.97.3

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.98.1

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.97.4

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.98.4

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.98.2

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.96.3

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.99.2

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.99.4

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.99.1

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.98.5

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.96.2

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.96.1

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.99.5

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.97.0

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.98.6

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.96.5

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.99.6

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.96

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.96.4

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.99.7

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.97.1

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.95

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.99.3

Trust: 1.0

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (x86)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:quaggamodel:quaggascope:eqversion:0.99.8

Trust: 0.6

vendor:ubuntumodel:linux sparcscope:eqversion:7.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:7.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:7.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:7.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:6.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:6.10

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:6.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:6.10

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:trustixmodel:secure linuxscope:eqversion:3.0.5

Trust: 0.3

vendor:trustixmodel:secure linuxscope:eqversion:3.0

Trust: 0.3

vendor:trustixmodel:secure linuxscope:eqversion:2.2

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:redmodel:hat fedora core7scope: - version: -

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:quaggamodel:routing software suitescope:eqversion:0.99.8

Trust: 0.3

vendor:quaggamodel:routing software suitescope:eqversion:0.99.7

Trust: 0.3

vendor:quaggamodel:routing software suitescope:eqversion:0.99.6

Trust: 0.3

vendor:quaggamodel:routing software suitescope:eqversion:0.99.5

Trust: 0.3

vendor:quaggamodel:routing software suitescope:eqversion:0.99.4

Trust: 0.3

vendor:quaggamodel:routing software suitescope:eqversion:0.99.3

Trust: 0.3

vendor:quaggamodel:routing software suitescope:eqversion:0.99.2

Trust: 0.3

vendor:quaggamodel:routing software suitescope:eqversion:0.99.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:interactive responsescope:eqversion:2.0

Trust: 0.3

vendor:quaggamodel:routing software suitescope:neversion:0.99.9

Trust: 0.3

sources: BID: 25634 // JVNDB: JVNDB-2007-001159 // CNNVD: CNNVD-200709-152 // NVD: CVE-2007-4826

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2007-4826
value: LOW

Trust: 1.8

CNNVD: CNNVD-200709-152
value: LOW

Trust: 0.6

NVD: CVE-2007-4826
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2007-001159 // CNNVD: CNNVD-200709-152 // NVD: CVE-2007-4826

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-4826

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 59307 // PACKETSTORM: 59371 // CNNVD: CNNVD-200709-152

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200709-152

CONFIGURATIONS

sources: NVD: CVE-2007-4826

PATCH

title:quagga-0.98.6-5.2.0.1.AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1286

Trust: 0.8

title:2145url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2145

Trust: 0.8

title:Index of /releases/quaggaurl:http://download.savannah.gnu.org/releases/quagga/

Trust: 0.8

title:RHSA-2010:0785url:https://rhn.redhat.com/errata/rhsa-2010-0785.html

Trust: 0.8

title:Multiple Denial of Service vulnerabilities in Quaggaurl:https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities4

Trust: 0.8

title:236141url:http://download.oracle.com/sunalerts/1019153.1.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-001159

EXTERNAL IDS

db:NVDid:CVE-2007-4826

Trust: 2.9

db:BIDid:25634

Trust: 2.7

db:SECUNIAid:26744

Trust: 2.5

db:SECUNIAid:27049

Trust: 1.7

db:SECUNIAid:26829

Trust: 1.7

db:SECUNIAid:29743

Trust: 1.7

db:SECUNIAid:26863

Trust: 1.7

db:VUPENid:ADV-2007-3129

Trust: 1.6

db:VUPENid:ADV-2008-1195

Trust: 1.6

db:XFid:36551

Trust: 1.4

db:JVNDBid:JVNDB-2007-001159

Trust: 0.8

db:FEDORAid:FEDORA-2007-2196

Trust: 0.6

db:MANDRIVAid:MDKSA-2007:182

Trust: 0.6

db:UBUNTUid:USN-512-1

Trust: 0.6

db:DEBIANid:DSA-1382

Trust: 0.6

db:SUNALERTid:236141

Trust: 0.6

db:TRUSTIXid:2007-0028

Trust: 0.6

db:MLISTid:[DEBIAN-SECURITY-ANNOUNCE] 20071003 [SECURITY] [DSA 1379-1] NEW QUAGGA PACKAGES FIX DENIAL OF SERVICE

Trust: 0.6

db:CNNVDid:CNNVD-200709-152

Trust: 0.6

db:PACKETSTORMid:59307

Trust: 0.1

db:PACKETSTORMid:59758

Trust: 0.1

db:PACKETSTORMid:59371

Trust: 0.1

db:PACKETSTORMid:59341

Trust: 0.1

db:PACKETSTORMid:65543

Trust: 0.1

db:PACKETSTORMid:59220

Trust: 0.1

db:PACKETSTORMid:59440

Trust: 0.1

sources: BID: 25634 // JVNDB: JVNDB-2007-001159 // PACKETSTORM: 59307 // PACKETSTORM: 59758 // PACKETSTORM: 59371 // PACKETSTORM: 59341 // PACKETSTORM: 65543 // PACKETSTORM: 59220 // PACKETSTORM: 59440 // CNNVD: CNNVD-200709-152 // NVD: CVE-2007-4826

REFERENCES

url:http://secunia.com/advisories/26744

Trust: 2.4

url:http://www.securityfocus.com/bid/25634

Trust: 2.4

url:http://www.quagga.net/download/quagga-0.99.9.changelog.txt

Trust: 2.0

url:http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-512-1

Trust: 1.7

url:http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760

Trust: 1.6

url:http://www.trustix.org/errata/2007/0028/

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdksa-2007:182

Trust: 1.6

url:http://www.debian.org/security/2007/dsa-1382

Trust: 1.6

url:http://secunia.com/advisories/27049

Trust: 1.6

url:http://secunia.com/advisories/26863

Trust: 1.6

url:http://secunia.com/advisories/26829

Trust: 1.6

url:http://fedoranews.org/updates/fedora-2007-219.shtml

Trust: 1.6

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1

Trust: 1.6

url:http://secunia.com/advisories/29743

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2007/3129

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/36551

Trust: 1.4

url:http://www.redhat.com/support/errata/rhsa-2010-0785.html

Trust: 1.0

url:http://www.vupen.com/english/advisories/2007/3129

Trust: 1.0

url:http://www.vupen.com/english/advisories/2008/1195/references

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/36551

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4826

Trust: 0.9

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4826

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/1195/references

Trust: 0.6

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.5

url:http://secunia.com/about_secunia_advisories/

Trust: 0.5

url:http://secunia.com/advisories/26744/

Trust: 0.5

url:http://secunia.com/secunia_security_advisories/

Trust: 0.5

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-236141-1

Trust: 0.4

url:http://www.quagga.net/

Trust: 0.3

url:http://support.avaya.com/elmodocs2/security/asa-2008-176.htm

Trust: 0.3

url:https://psi.secunia.com/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-4826

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.diff.gz

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.3_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.diff.gz

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_i386.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_amd64.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_powerpc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4.orig.tar.gz

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.dsc

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.diff.gz

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_powerpc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_i386.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_i386.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_sparc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_powerpc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_amd64.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.6-2ubuntu3.2_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.4-4ubuntu1.2_all.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_amd64.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.dsc

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_sparc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.dsc

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_sparc.deb

Trust: 0.2

url:http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6.orig.tar.gz

Trust: 0.2

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_i386.deb

Trust: 0.1

url:http://secunia.com/network_software_inspector/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_s390.deb

Trust: 0.1

url:http://secunia.com/product/13844/

Trust: 0.1

url:http://secunia.com/product/5307/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.5_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_m68k.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch3_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz

Trust: 0.1

url:http://secunia.com/advisories/27049/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mipsel.deb

Trust: 0.1

url:http://secunia.com/product/530/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_alpha.deb

Trust: 0.1

url:http://secunia.com/product/12470/

Trust: 0.1

url:http://secunia.com/advisories/26829/

Trust: 0.1

url:http://secunia.com/product/10611/

Trust: 0.1

url:http://secunia.com/product/14068/

Trust: 0.1

url:http://secunia.com/advisories/29743/

Trust: 0.1

url:http://secunia.com/network_software_inspector_2/

Trust: 0.1

url:http://secunia.com/product/4813/

Trust: 0.1

url:http://secunia.com/advisories/24808/

Trust: 0.1

url:http://secunia.com/product/4731/

Trust: 0.1

url:http://secunia.com/product/15552/

Trust: 0.1

url:https://www.redhat.com/archives/fedora-package-announce/2007-september/msg00304.html

Trust: 0.1

url:http://secunia.com/advisories/26863/

Trust: 0.1

sources: BID: 25634 // JVNDB: JVNDB-2007-001159 // PACKETSTORM: 59307 // PACKETSTORM: 59758 // PACKETSTORM: 59371 // PACKETSTORM: 59341 // PACKETSTORM: 65543 // PACKETSTORM: 59220 // PACKETSTORM: 59440 // CNNVD: CNNVD-200709-152 // NVD: CVE-2007-4826

CREDITS

Mu Security

Trust: 0.6

sources: CNNVD: CNNVD-200709-152

SOURCES

db:BIDid:25634
db:JVNDBid:JVNDB-2007-001159
db:PACKETSTORMid:59307
db:PACKETSTORMid:59758
db:PACKETSTORMid:59371
db:PACKETSTORMid:59341
db:PACKETSTORMid:65543
db:PACKETSTORMid:59220
db:PACKETSTORMid:59440
db:CNNVDid:CNNVD-200709-152
db:NVDid:CVE-2007-4826

LAST UPDATE DATE

2022-05-04T07:17:23.402000+00:00


SOURCES UPDATE DATE

db:BIDid:25634date:2012-09-13T17:20:00
db:JVNDBid:JVNDB-2007-001159date:2012-04-17T00:00:00
db:CNNVDid:CNNVD-200709-152date:2007-09-17T00:00:00
db:NVDid:CVE-2007-4826date:2017-07-29T01:33:00

SOURCES RELEASE DATE

db:BIDid:25634date:2007-09-11T00:00:00
db:JVNDBid:JVNDB-2007-001159date:2008-05-07T00:00:00
db:PACKETSTORMid:59307date:2007-09-13T23:56:50
db:PACKETSTORMid:59758date:2007-10-03T20:39:01
db:PACKETSTORMid:59371date:2007-09-18T16:48:01
db:PACKETSTORMid:59341date:2007-09-18T14:57:19
db:PACKETSTORMid:65543date:2008-04-15T23:22:47
db:PACKETSTORMid:59220date:2007-09-11T22:19:30
db:PACKETSTORMid:59440date:2007-09-20T08:11:10
db:CNNVDid:CNNVD-200709-152date:2007-09-12T00:00:00
db:NVDid:CVE-2007-4826date:2007-09-12T10:17:00