Details of VAR-200905-0194

ID

VAR-200905-0194

CVE

CVE-2009-1572

TITLE

Quagga of BGP Service disruption in daemon ( crash ) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-002713

DESCRIPTION

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. Quagga is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users. Quagga 0.99.11 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Are you missing: SECUNIA ADVISORY ID: Critical: Impact: Where: within the advisory below? This is now part of the Secunia commercial solutions. -- Debian GNU/Linux 5.0 alias lenny -- Source archives: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz Size/MD5 checksum: 40070 b72e19ed913b32923cf4ef293c67f71c http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc Size/MD5 checksum: 1651 a8ef80d57fd5a5a5b08c7ccc70e6a179 Architecture independent packages: http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb Size/MD5 checksum: 661226 720947423143cb35eb5c26a0d420066b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb Size/MD5 checksum: 1902736 570becd04ecb3dd8a0581010884928df amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb Size/MD5 checksum: 1748838 f3fcd731d119c422463c36bb4f08be1a arm architecture (ARM) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb Size/MD5 checksum: 1449222 6b654e2d4e1a4f00169309ebbbd3dbf9 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb Size/MD5 checksum: 1681872 8894106d57df0a3d92bb84f148150c2d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb Size/MD5 checksum: 1606310 80046937a2da8a949a8167f753a583ce mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb Size/MD5 checksum: 1600660 716f61415932929c2f668f99faea448e powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb Size/MD5 checksum: 1715848 995194031d563994b7d77018d8a4ca3e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb Size/MD5 checksum: 1794568 b1b47e8dae153461f73c98a61c653e1e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb Size/MD5 checksum: 1670342 18f98f0978f510ac18636ca1ccc9dfe7 -- Debian GNU/Linux unstable alias sid -- Fixed in version 0.99.11-2. Updated packages are available that bring Quagga to version 0.99.12 which provides numerous bugfixes over the previous 0.99.9 version, and also corrects this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572 _______________________________________________________________________ Updated Packages: Corporate 4.0: 48c1d2504e08d2a26ac6ace2bc01124d corporate/4.0/i586/libquagga0-0.99.12-0.1.20060mlcs4.i586.rpm df93a452f47b8926f65a51231dd11f36 corporate/4.0/i586/libquagga0-devel-0.99.12-0.1.20060mlcs4.i586.rpm d2386e488423fbb81e44cb6dda4de9df corporate/4.0/i586/quagga-0.99.12-0.1.20060mlcs4.i586.rpm d4b9c5e2cec03ce49a76adcfe0e4a42e corporate/4.0/i586/quagga-contrib-0.99.12-0.1.20060mlcs4.i586.rpm 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: afc986d05e0bde73541f0cfe5b147d2c corporate/4.0/x86_64/lib64quagga0-0.99.12-0.1.20060mlcs4.x86_64.rpm 4cc0bec07f2b919abeac75dc06d7f3c0 corporate/4.0/x86_64/lib64quagga0-devel-0.99.12-0.1.20060mlcs4.x86_64.rpm 3d606fef235993483e9a448665e4e377 corporate/4.0/x86_64/quagga-0.99.12-0.1.20060mlcs4.x86_64.rpm f549ced36115d6609ac835c5aca0863d corporate/4.0/x86_64/quagga-contrib-0.99.12-0.1.20060mlcs4.x86_64.rpm 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKBsjAmqjQ0CJFipgRAkoyAJ4o+uz6I6p3tycZQfB5GbqTsTL5TwCgjJHK lIRHZW4+jB0P4UXMSyVUpxo= =2fxe -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-775-1 May 12, 2009 quagga vulnerability CVE-2009-1572 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.5 Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.2 Ubuntu 8.10: quagga 0.99.9-6ubuntu0.1 Ubuntu 9.04: quagga 0.99.11-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: SUSE Update for Multiple Packages SECUNIA ADVISORY ID: SA35685 VERIFY ADVISORY: http://secunia.com/advisories/35685/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA33338 SA33853 SA33884 SA34035 SA34481 SA34746 SA34797 SA35021 SA35128 SA35216 SA35296 SA35344 SA35422 1) A boundary error exists within the "pg_db_putline()" function in perl-DBD-Pg's dbdimp.c. This can be exploited to cause a heap-based buffer overflow if malicious rows are retrieved from the database using the "pg_getline()" or "getline()" function. 2) A memory leak exists within the function "dequote_bytea()" in perl-DBD-Pg's quote.c, which can be exploited to cause a memory exhaustion. 3) Various integer overflow errors exist within the "pdftops" application. This can be exploited to e.g. cause a crash or potentially execute arbitrary code by printing a specially crafted PDF file. 4) A vulnerability is caused due to an assertion error in bgpd when handling an AS path containing multiple 4 byte AS numbers, which can be exploited to crash to the daemon by advertising specially crafted AS paths. SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2009:012: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html OTHER REFERENCES: SA33338: http://secunia.com/advisories/33338/ SA33853: http://secunia.com/advisories/33853/ SA33884: http://secunia.com/advisories/33884/ SA34035: http://secunia.com/advisories/34035/ SA34481: http://secunia.com/advisories/34481/ SA34746: http://secunia.com/advisories/34746/ SA34797: http://secunia.com/advisories/34797/ SA35021: http://secunia.com/advisories/35021/ SA35128: http://secunia.com/advisories/35128/ SA35216: http://secunia.com/advisories/35216/ SA35296: http://secunia.com/advisories/35296/ SA35344: http://secunia.com/advisories/35344/ SA35422: http://secunia.com/advisories/35422/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.43

sources: NVD: CVE-2009-1572 // JVNDB: JVNDB-2009-002713 // BID: 34817 // PACKETSTORM: 77439 // PACKETSTORM: 77275 // PACKETSTORM: 77391 // PACKETSTORM: 77460 // PACKETSTORM: 77750 // PACKETSTORM: 78953

AFFECTED PRODUCTS

vendor:	quagga	model:	quagga	scope:	lte	version:	0.99.11	Trust: 1.8
vendor:	quagga	model:	quagga	scope:	eq	version:	0.98.3	Trust: 1.6
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.9	Trust: 1.6
vendor:	quagga	model:	quagga	scope:	eq	version:	0.96.4	Trust: 1.6
vendor:	quagga	model:	quagga	scope:	eq	version:	0.98.1	Trust: 1.6
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.1	Trust: 1.6
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.5	Trust: 1.6
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.7	Trust: 1.6
vendor:	quagga	model:	quagga	scope:	eq	version:	0.98.4	Trust: 1.6
vendor:	quagga	model:	quagga	scope:	eq	version:	0.98.2	Trust: 1.6
vendor:	quagga	model:	quagga	scope:	eq	version:	0.97.3	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.96.3	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.10	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.97.5	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.8	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.2	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.4	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.98.5	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.96.2	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.96.1	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.97.0	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.98.0	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.98.6	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.96.5	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.6	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.96	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.97.1	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.97.2	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.97.4	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.95	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.3	Trust: 1.0
vendor:	quagga	model:	quagga	scope:	eq	version:	0.99.11	Trust: 0.6
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts lpia	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp2	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp1	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise sp2 debuginfo	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise sp1 debuginfo	scope:	eq	version:	10	Trust: 0.3
vendor:	s u s e	model:	suse linux enterprise server rt solution	scope:	eq	version:	100	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.1	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.11	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.9	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.8	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.7	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.6	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.5	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.4	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.3	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.2	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.99.1	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.98.6	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.98.5	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.98.3	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.97.3	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.96.4	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.96.3	Trust: 0.3
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.96.2	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux armel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 34817 // JVNDB: JVNDB-2009-002713 // CNNVD: CNNVD-200905-076 // NVD: CVE-2009-1572

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2009-1572
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200905-076
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2009-1572
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2009-002713 // CNNVD: CNNVD-200905-076 // NVD: CVE-2009-1572

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2009-002713 // NVD: CVE-2009-1572

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 77391 // PACKETSTORM: 77460 // CNNVD: CNNVD-200905-076

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200905-076

CONFIGURATIONS

sources: NVD: CVE-2009-1572

PATCH

title:	Index of /releases/quagga	url:	http://download.savannah.gnu.org/releases/quagga/	Trust: 0.8
title:	Multiple Denial of Service vulnerabilities in Quagga	url:	https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities4	Trust: 0.8

sources: JVNDB: JVNDB-2009-002713

EXTERNAL IDS

db:	NVD	id:	CVE-2009-1572	Trust: 2.9
db:	BID	id:	34817	Trust: 1.9
db:	SECUNIA	id:	35061	Trust: 1.7
db:	SECUNIA	id:	34999	Trust: 1.7
db:	SECUNIA	id:	35203	Trust: 1.7
db:	SECUNIA	id:	35685	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/05/01/2	Trust: 1.6
db:	OPENWALL	id:	OSS-SECURITY/2009/05/01/1	Trust: 1.6
db:	OSVDB	id:	54200	Trust: 1.6
db:	SECTRACK	id:	1022164	Trust: 1.6
db:	JVNDB	id:	JVNDB-2009-002713	Trust: 0.8
db:	UBUNTU	id:	USN-775-1	Trust: 0.6
db:	MLIST	id:	[OSS-SECURITY] 20090501 RE: CVE REQUEST (SORT OF): QUAGGA BGP CRASHER	Trust: 0.6
db:	MLIST	id:	[OSS-SECURITY] 20090501 CVE REQUEST (SORT OF): QUAGGA BGP CRASHER	Trust: 0.6
db:	MLIST	id:	[QUAGGA-DEV] 20090203 [QUAGGA-DEV 6391] [PATCH] BGP 4-BYTE ASN BUG FIXES	Trust: 0.6
db:	DEBIAN	id:	DSA-1788	Trust: 0.6
db:	MANDRIVA	id:	MDVSA-2009:109	Trust: 0.6
db:	FEDORA	id:	FEDORA-2009-5324	Trust: 0.6
db:	FEDORA	id:	FEDORA-2009-5284	Trust: 0.6
db:	XF	id:	50317	Trust: 0.6
db:	SUSE	id:	SUSE-SR:2009:012	Trust: 0.6
db:	CNNVD	id:	CNNVD-200905-076	Trust: 0.6
db:	PACKETSTORM	id:	77439	Trust: 0.1
db:	PACKETSTORM	id:	77275	Trust: 0.1
db:	PACKETSTORM	id:	77391	Trust: 0.1
db:	PACKETSTORM	id:	77460	Trust: 0.1
db:	PACKETSTORM	id:	77750	Trust: 0.1
db:	PACKETSTORM	id:	78953	Trust: 0.1

sources: BID: 34817 // JVNDB: JVNDB-2009-002713 // PACKETSTORM: 77439 // PACKETSTORM: 77275 // PACKETSTORM: 77391 // PACKETSTORM: 77460 // PACKETSTORM: 77750 // PACKETSTORM: 78953 // CNNVD: CNNVD-200905-076 // NVD: CVE-2009-1572

REFERENCES

url:	http://marc.info/?l=quagga-dev&m=123364779626078&w=2	Trust: 1.9
url:	https://www.redhat.com/archives/fedora-package-announce/2009-may/msg01037.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	Trust: 1.7
url:	http://www.debian.org/security/2009/dsa-1788	Trust: 1.6
url:	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311	Trust: 1.6
url:	https://www.redhat.com/archives/fedora-package-announce/2009-may/msg01107.html	Trust: 1.6
url:	http://www.ubuntu.com/usn/usn-775-1	Trust: 1.6
url:	http://www.securitytracker.com/id?1022164	Trust: 1.6
url:	http://www.securityfocus.com/bid/34817	Trust: 1.6
url:	http://www.osvdb.org/54200	Trust: 1.6
url:	http://www.openwall.com/lists/oss-security/2009/05/01/2	Trust: 1.6
url:	http://www.openwall.com/lists/oss-security/2009/05/01/1	Trust: 1.6
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2009:109	Trust: 1.6
url:	http://thread.gmane.org/gmane.network.quagga.devel/6513	Trust: 1.6
url:	http://secunia.com/advisories/35685	Trust: 1.6
url:	http://secunia.com/advisories/35203	Trust: 1.6
url:	http://secunia.com/advisories/35061	Trust: 1.6
url:	http://secunia.com/advisories/34999	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/50317	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1572	Trust: 0.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1572	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/50317	Trust: 0.6
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.4
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.4
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.4
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.4
url:	http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/c2b15dbcccedc2ea	Trust: 0.3
url:	http://www.quagga.net/	Trust: 0.3
url:	http://secunia.com/advisories/try_vi/	Trust: 0.3
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_i386.deb	Trust: 0.2
url:	http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_sparc.deb	Trust: 0.2
url:	http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_sparc.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.2_all.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5.dsc	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2.dsc	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_i386.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.11-1ubuntu0.1_all.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_powerpc.deb	Trust: 0.2
url:	http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_sparc.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_i386.deb	Trust: 0.2
url:	http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_lpia.deb	Trust: 0.2
url:	http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_powerpc.deb	Trust: 0.2
url:	http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_lpia.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_amd64.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1.dsc	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_amd64.deb	Trust: 0.2
url:	http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_lpia.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1.diff.gz	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz	Trust: 0.2
url:	http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_powerpc.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.5_all.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-6ubuntu0.1_all.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1.dsc	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5.diff.gz	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_sparc.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_i386.deb	Trust: 0.2
url:	http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_powerpc.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2.diff.gz	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_amd64.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11.orig.tar.gz	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_amd64.deb	Trust: 0.2
url:	http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1.diff.gz	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1572	Trust: 0.2
url:	https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-may/000902.html	Trust: 0.1
url:	http://secunia.com/advisories/35061/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb	Trust: 0.1
url:	http://secunia.com/advisories/34999/	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb	Trust: 0.1
url:	http://lists.debian.org/debian-security-announce/2009/msg00099.html	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb	Trust: 0.1
url:	http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb	Trust: 0.1
url:	http://www.mandriva.com/security/	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	http://www.mandriva.com/security/advisories	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1
url:	http://secunia.com/advisories/35203/	Trust: 0.1
url:	http://secunia.com/advisories/34797/	Trust: 0.1
url:	http://secunia.com/advisories/35296/	Trust: 0.1
url:	http://secunia.com/advisories/34481/	Trust: 0.1
url:	http://secunia.com/advisories/35422/	Trust: 0.1
url:	http://secunia.com/advisories/33853/	Trust: 0.1
url:	http://secunia.com/advisories/35216/	Trust: 0.1
url:	http://secunia.com/advisories/35685/	Trust: 0.1
url:	http://secunia.com/advisories/35021/	Trust: 0.1
url:	http://secunia.com/advisories/34035/	Trust: 0.1
url:	http://secunia.com/advisories/33884/	Trust: 0.1
url:	http://secunia.com/advisories/35344/	Trust: 0.1
url:	http://secunia.com/advisories/34746/	Trust: 0.1
url:	http://secunia.com/advisories/33338/	Trust: 0.1
url:	http://secunia.com/advisories/35128/	Trust: 0.1

CREDITS

Chris Caputo

Trust: 0.9

sources: BID: 34817 // CNNVD: CNNVD-200905-076

SOURCES

db:	BID	id:	34817
db:	JVNDB	id:	JVNDB-2009-002713
db:	PACKETSTORM	id:	77439
db:	PACKETSTORM	id:	77275
db:	PACKETSTORM	id:	77391
db:	PACKETSTORM	id:	77460
db:	PACKETSTORM	id:	77750
db:	PACKETSTORM	id:	78953
db:	CNNVD	id:	CNNVD-200905-076
db:	NVD	id:	CVE-2009-1572

LAST UPDATE DATE

2022-05-04T07:50:34.944000+00:00

SOURCES UPDATE DATE

db:	BID	id:	34817	date:	2015-04-13T21:21:00
db:	JVNDB	id:	JVNDB-2009-002713	date:	2012-04-20T00:00:00
db:	CNNVD	id:	CNNVD-200905-076	date:	2009-06-09T00:00:00
db:	NVD	id:	CVE-2009-1572	date:	2017-08-17T01:30:00

SOURCES RELEASE DATE

db:	BID	id:	34817	date:	2009-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2009-002713	date:	2012-04-20T00:00:00
db:	PACKETSTORM	id:	77439	date:	2009-05-13T07:18:17
db:	PACKETSTORM	id:	77275	date:	2009-05-05T14:42:57
db:	PACKETSTORM	id:	77391	date:	2009-05-11T03:05:32
db:	PACKETSTORM	id:	77460	date:	2009-05-13T16:52:18
db:	PACKETSTORM	id:	77750	date:	2009-05-24T05:47:14
db:	PACKETSTORM	id:	78953	date:	2009-07-06T14:42:32
db:	CNNVD	id:	CNNVD-200905-076	date:	2009-04-30T00:00:00
db:	NVD	id:	CVE-2009-1572	date:	2009-05-06T17:30:00