CVE-2007-1995

Quagga bgpd DoS

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

bgpd/bgp_attr.c en Quagga 0.98.6 y versiones anteriores, y 0.99.6 y versiones 0.99 anteriores, no validan la longitud de los valores en los atributos MP_REACH_NLRI y MP_UNREACH_NLRI, lo cual permite a atacantes remotos provocar una denegación de servicio (caída o finalización de demonio) mediante mensajes UPDATE manipulados que disparan un error de aserción o lectura fuera de límites.

A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga, versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-04-11 CVE Reserved
2007-04-12 CVE Published
2024-08-07 CVE Updated
2026-05-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (28)

URL	Tag	Source
http://bugzilla.quagga.net/show_bug.cgi?id=354	X_refsource_confirm
http://bugzilla.quagga.net/show_bug.cgi?id=355	X_refsource_confirm
http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740	X_refsource_confirm
http://www.securityfocus.com/bid/23417	Vdb Entry
http://www.securitytracker.com/id?1018142	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33547	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/24808	2017-10-11
http://secunia.com/advisories/25084	2017-10-11
http://secunia.com/advisories/25119	2017-10-11
http://secunia.com/advisories/25255	2017-10-11
http://secunia.com/advisories/25293	2017-10-11
http://secunia.com/advisories/25312	2017-10-11
http://secunia.com/advisories/25428	2017-10-11
http://secunia.com/advisories/29743	2017-10-11
http://security.gentoo.org/glsa/glsa-200705-05.xml	2017-10-11
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1	2017-10-11
http://www.debian.org/security/2007/dsa-1293	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2007:096	2017-10-11
http://www.novell.com/linux/security/advisories/2007_9_sr.html	2017-10-11
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html	2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0389.html	2017-10-11
http://www.trustix.org/errata/2007/0017	2017-10-11
http://www.ubuntu.com/usn/usn-461-1	2017-10-11
http://www.vupen.com/english/advisories/2007/1336	2017-10-11
http://www.vupen.com/english/advisories/2008/1195/references	2017-10-11
https://access.redhat.com/security/cve/CVE-2007-1995	2007-05-30
https://bugzilla.redhat.com/show_bug.cgi?id=240478	2007-05-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				<= 0.98.6 Search vendor "Quagga" for product "Quagga" and version " <= 0.98.6"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.95 Search vendor "Quagga" for product "Quagga" and version "0.95"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.96 Search vendor "Quagga" for product "Quagga" and version "0.96"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.96.1 Search vendor "Quagga" for product "Quagga" and version "0.96.1"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.96.2 Search vendor "Quagga" for product "Quagga" and version "0.96.2"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.96.3 Search vendor "Quagga" for product "Quagga" and version "0.96.3"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.96.4 Search vendor "Quagga" for product "Quagga" and version "0.96.4"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.96.5 Search vendor "Quagga" for product "Quagga" and version "0.96.5"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.97.0 Search vendor "Quagga" for product "Quagga" and version "0.97.0"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.97.1 Search vendor "Quagga" for product "Quagga" and version "0.97.1"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.97.2 Search vendor "Quagga" for product "Quagga" and version "0.97.2"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.97.3 Search vendor "Quagga" for product "Quagga" and version "0.97.3"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.97.4 Search vendor "Quagga" for product "Quagga" and version "0.97.4"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.97.5 Search vendor "Quagga" for product "Quagga" and version "0.97.5"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.98.0 Search vendor "Quagga" for product "Quagga" and version "0.98.0"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.98.1 Search vendor "Quagga" for product "Quagga" and version "0.98.1"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.98.2 Search vendor "Quagga" for product "Quagga" and version "0.98.2"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.98.3 Search vendor "Quagga" for product "Quagga" and version "0.98.3"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.98.4 Search vendor "Quagga" for product "Quagga" and version "0.98.4"		-		Affected
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				0.98.5 Search vendor "Quagga" for product "Quagga" and version "0.98.5"		-		Affected