CVSS: 3.5EPSS: 0%CPEs: 28EXPL: 0CVE-2007-4826 – quagga bgpd DoS
https://notcve.org/view.php?id=CVE-2007-4826
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. bgpd en Quagga versiones anteriores a 0.99.9, permite que los peers BGP configurados explícitamente causen una denegación de servicio (bloqueo) por medio de (1) mensaje OPEN malformado o (2) un atributo COMMUNITY malformado, que desencadena una desreferencia del puntero NULL. NOTA: el vector 2 solo existe cuando la depuración está habilitada. • http://fedoranews.org/updates/FEDORA-2007-219.shtml http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760 http://secunia.com/advisories/26744 http://secunia.com/advisories/26829 http://secunia.com/advisories/26863 http://secunia.com/advisories/27049 http://secunia.com/advisories/29743 http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1 http://www.debian.org/security/20 •
CVSS: 6.3EPSS: 2%CPEs: 20EXPL: 0CVE-2007-1995 – Quagga bgpd DoS
https://notcve.org/view.php?id=CVE-2007-1995
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. bgpd/bgp_attr.c en Quagga 0.98.6 y versiones anteriores, y 0.99.6 y versiones 0.99 anteriores, no validan la longitud de los valores en los atributos MP_REACH_NLRI y MP_UNREACH_NLRI, lo cual permite a atacantes remotos provocar una denegación de servicio (caída o finalización de demonio) mediante mensajes UPDATE manipulados que disparan un error de aserción o lectura fuera de límites. • http://bugzilla.quagga.net/show_bug.cgi?id=354 http://bugzilla.quagga.net/show_bug.cgi?id=355 http://secunia.com/advisories/24808 http://secunia.com/advisories/25084 http://secunia.com/advisories/25119 http://secunia.com/advisories/25255 http://secunia.com/advisories/25293 http://secunia.com/advisories/25312 http://secunia.com/advisories/25428 http://secunia.com/advisories/29743 http://security.gentoo.org/glsa/glsa-200705-05.xml http://sunsolve.sun.com/search/docume • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 6%CPEs: 2EXPL: 2CVE-2006-2276
https://notcve.org/view.php?id=CVE-2006-2276
bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface. • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html http://secunia.com/advisories/20116 http://secunia.com/advisories/20137 http://secunia.com/advisories/20138 http://secunia.com/advisories/20221 http://secunia.com/advisories/20420 http://secunia.com/advisories/20421 http://secunia.com/advisories/20782 http://securitytracker.com/id?1016204 http://www.debian.org/security/2006/dsa-1059 htt • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 2CVE-2006-2223 – Quagga Routing Software Suite 0.9x - RIPd RIPv1 Request Routing Table Disclosure
https://notcve.org/view.php?id=CVE-2006-2223
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no implementa adecuadamente configuraciones que (1) deshabiliten RIPv1 o (2) necesiten autenticación MD5 o en texto plano, lo que permite a atacantes remotos obtener información sensible (estado de encaminamiento) mediante paquetes "REQUEST" como "SEND UPDATE".º • https://www.exploit-db.com/exploits/27801 ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://bugzilla.quagga.net/show_bug.cgi?id=261 http://secunia.com/advisories/19910 http://secunia.com/advisories/20137 http://secunia.com/advisories/20138 http://secunia.com/advisories/20221 http://secunia.com/advisories/20420 http://secunia.com/advisories/20421 http://secunia.com/advisories/20782 http://secunia.com/advisories/21159 http://securitytracker.com • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 11EXPL: 1CVE-2003-0795 – GNU Zebra 0.9x / Quagga 0.96 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2003-0795
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. La capa vty en Quagga anteriores a 0.96.4, y Zebra anteriores a 0.91, no verifica si se está llevando a cabo una sub-negociación cuando procesa el marcador SE, lo que permite a atacantes remotos causar una denegación de servicio (caída) mediante un comando telnet malformado al puerto telnet CLI, lo que puede disparar una desreferencia de memoria nula. • https://www.exploit-db.com/exploits/23375 http://marc.info/?l=bugtraq&m=106883387304266&w=2 http://secunia.com/advisories/10563 http://www.debian.org/security/2004/dsa-415 http://www.redhat.com/support/errata/RHSA-2003-305.html http://www.redhat.com/support/errata/RHSA-2003-307.html https://access.redhat.com/security/cve/CVE-2003-0795 https://bugzilla.redhat.com/show_bug.cgi?id=1617088 • CWE-20: Improper Input Validation •