Open Source and information security mailing list archives
Message-ID: <Pine.LNX.4.56.0311131621240.12831@fogarty.jakma.org>
Date: Fri, 14 Nov 2003 13:16:37 +0000 (GMT)
From: Paul Jakma <paul-p3WKshh8b8w@...lic.gmane.org>
To: Quagga Users <quagga-users-UOy77sIEA+cAd7ICUelF/Q@...lic.gmane.org>
Cc: Christian Hammers <ch-8fiUuRrzOP0dnm+yROfE0A@...lic.gmane.org>,
    bugtraq-o7tR/nIX9Vi1EmJ4MpGYnQC/G2K4zDHf@...lic.gmane.org
Subject: [quagga-users 906] Quagga remote vulnerability

Summary:
--------

All versions of Quagga (and also GNU Zebra, from which Quagga was
forked) are vulnerable to a remotely triggerable denial of service.

Scope of vulnerability:
-----------------------

All versions of GNU Zebra and all versions of Quagga /prior/ to
0.96.4, where a daemon's vty, ie the telnet CLI, is accessible to
hostile parties.

Impact:
-------

Affected daemons can be made to crash by sending a malformed telnet
command.

Description:
------------

The vty layer, when processing the telnet sub-negotiation ends
marker, SE, does not check whether there is sub-negotiation in
progress, and hence will attempt to dereference a (typically) NULL
pointer causing the daemon to crash.

Workaround:
-----------

Restrict access to daemon's telnet CLI, by either configuring each
daemon's vty with an appropriate access-class and access-list, or by
some external firewalling application.

Alternatively, disable external vty access completely by removing the
vty password (and restarting) or passing the '-P 0' parameters to the
daemon.

Solution:
-----------

Quagga version 0.96.4 contains a fix for this bug. Alternatively, one
can manually apply the fix to whichever sources one uses currently.
(See the RedHat bugzilla entry referenced below for the fix).

Credits:
--------

Thanks to Jonny Robertson <jonny AT prophecy.net.nz> for finding and
reporting this bug and Jay Fenlason <fenlason AT redhat.com> for
fixing the bug.

References:
----------

RedHat Advisory RHSA-2003:307-09,
http://rhn.redhat.com/errata/RHSA-2003-307.html

RedHat Bugzilla entry 107140,
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107140

CAN-2003-0795

Footnote:
---------

The RedHat Advisory references a second vulnerability in GNU Zebra
and Quagga, regarding the zebra daemon accepting netlink messages
from any user. This vulnerability will be dealt with as soon as
possible.

regards,
-- 
Paul Jakma  paul-p3WKshh8b8w@...lic.gmane.org  paul@...ma.org  Key ID: 64A2FF6A
    warning: do not ever send email to spam-YO+z8i/CF6JQ+HMy2YlzRA@...lic.gmane.org
Fortune:
Factorials were someone's attempt to make math LOOK exciting.
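
An added illustration of the check described under "Description", not part of the original message and not code from Quagga or GNU Zebra: a minimal telnet option parser whose SE handler refuses to read the sub-negotiation buffer unless an SB opened one. All names (tn_parser, tn_feed, tn_end_sb) and the 32-byte buffer size are hypothetical.

```c
#include <string.h>   /* memset, size_t */

enum { SE = 240, SB = 250, WILL = 251, DONT = 254, IAC = 255 };
enum tn_state { TN_DATA, TN_IAC, TN_OPT, TN_SB, TN_SB_IAC };

struct tn_parser {
    enum tn_state state;
    unsigned char store[32];  /* backing storage for one sub-negotiation */
    unsigned char *sb;        /* NULL unless a sub-negotiation is in progress */
    size_t sb_len;
    int last_opt;             /* option code of the last completed SB */
    unsigned completed;       /* well-formed IAC SB ... IAC SE sequences */
    unsigned stray_se;        /* IAC SE seen with no sub-negotiation open */
};

void tn_init(struct tn_parser *p) { memset(p, 0, sizeof *p); }

/* SE handler. The guard is the point: without it, the read of p->sb[0]
 * below would dereference NULL when SE arrives with no SB before it. */
static void tn_end_sb(struct tn_parser *p)
{
    if (p->sb == NULL) {      /* SE without SB: count it and ignore it */
        p->stray_se++;
        return;
    }
    if (p->sb_len > 0)
        p->last_opt = p->sb[0];
    p->completed++;
    p->sb = NULL;             /* sub-negotiation is no longer in progress */
}

void tn_feed(struct tn_parser *p, const unsigned char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char c = buf[i];
        switch (p->state) {
        case TN_DATA: if (c == IAC) p->state = TN_IAC; break;
        case TN_OPT:  p->state = TN_DATA; break;  /* skip the option byte */
        case TN_IAC:
            if (c == SB) { p->sb = p->store; p->sb_len = 0; p->state = TN_SB; }
            else if (c == SE) { tn_end_sb(p); p->state = TN_DATA; }
            else p->state = (c >= WILL && c <= DONT) ? TN_OPT : TN_DATA;
            break;
        case TN_SB:
            if (c == IAC) p->state = TN_SB_IAC;
            else if (p->sb_len < sizeof p->store) p->sb[p->sb_len++] = c;
            break;
        case TN_SB_IAC:  /* any byte other than SE here is dropped */
            if (c == SE) { tn_end_sb(p); p->state = TN_DATA; } else p->state = TN_SB;
            break;
        }
    }
}
```

The stray_se counter gives a daemon something to log or rate-limit on when a peer sends SE outside a sub-negotiation.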