Vulnerability Name: CVE-2009-1572 (CCN-50317)

Assigned: 2009-02-03
Published: 2009-02-03
Updated: 2017-08-17
Summary: The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: CONFIRM
Type: Exploit, Patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311

Source: MITRE
Type: CNA
CVE-2009-1572

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:012

Source: CCN
Type: quagga-dev Mailing List, 2009-02-03 7:34:37
[PATCH] BGP 4-byte ASN bug fixes

Source: MLIST
Type: Exploit, Patch
[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes

Source: SECUNIA
Type: Vendor Advisory
34999

Source: SECUNIA
Type: Vendor Advisory
35061

Source: SECUNIA
Type: Vendor Advisory
35203

Source: SECUNIA
Type: Vendor Advisory
35685

Source: CCN
Type: SECTRACK ID: 1022164
Quagga Bug in Processing Certain 4-Byte ASN Data Lets Remote Users Deny Service

Source: MISC
Type: Exploit
http://thread.gmane.org/gmane.network.quagga.devel/6513

Source: DEBIAN
Type: Patch
DSA-1788

Source: DEBIAN
Type: DSA-1788
quagga -- improper assertion

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:109

Source: MLIST
Type: UNKNOWN
[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher

Source: MLIST
Type: UNKNOWN
[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher

Source: OSVDB
Type: UNKNOWN
54200

Source: CCN
Type: OSVDB ID: 54200
Quagga bgpd/bgp_aspath.c bgpd Service 4-byte ASN Data Handling Remote DoS

Source: CCN
Type: Quagga Web site
Quagga Software Routing Suite

Source: BID
Type: UNKNOWN
34817

Source: CCN
Type: BID-34817
Quagga Autonomous System Number Remote Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022164

Source: CCN
Type: USN-775-1
Quagga vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-775-1

Source: XF
Type: UNKNOWN
quagga-systemnumber-dos(50317)

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5284

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-5324

Source: SUSE
Type: SUSE-SR:2009:012
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:quagga:quagga:0.95:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.10:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:*:*:*:*:*:*:*:* (Version <= 0.99.11)

Configuration CCN 1:
  • cpe:/a:quagga:quagga:0.99.11:*:*:*:*:*:*:*
AND
  • cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

* Denotes that component is vulnerable

OVAL Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20091572 | V | CVE-2009-1572 | 2022-05-20
oval:org.opensuse.security:def:32237 | P | Security update for glib-networking (Important) | 2021-12-13
oval:org.opensuse.security:def:29429 | P | Security update for libqt5-qtbase (Important) | 2021-09-30
oval:org.opensuse.security:def:32103 | P | Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important) | 2021-06-04
oval:org.opensuse.security:def:29465 | P | Security update for python (Important) | 2021-02-11
oval:org.opensuse.security:def:32018 | P | Security update for MozillaFirefox (Critical) | 2020-12-21
oval:org.opensuse.security:def:32686 | P | java-1_6_0-ibm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28354 | P | Security update for pidgin (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32029 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:32774 | P | puppet on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28590 | P | Security update for libfreebl3 | 2020-12-01
oval:org.opensuse.security:def:28008 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32840 | P | coolkey on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28692 | P | Security update for FUSE | 2020-12-01
oval:org.opensuse.security:def:32387 | P | Security update for tomcat6 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28083 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33517 | P | Security update for quagga | 2020-12-01
oval:org.opensuse.security:def:28747 | P | Security update for libksba | 2020-12-01
oval:org.opensuse.security:def:32630 | P | acpid on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28297 | P | Security update for ncurses (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32735 | P | libtiff3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28438 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:28007 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32796 | P | tar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28643 | P | Security update for cabextract | 2020-12-01
oval:org.opensuse.security:def:32330 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:28019 | P | Security update for bash (Low) | 2020-12-01
oval:org.opensuse.security:def:33478 | P | Security update for libtool | 2020-12-01
oval:org.opensuse.security:def:28731 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32474 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:28213 | P | Security update for libpng12-0 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32017 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:28791 | P | Security update for mysql (Moderate) | 2020-12-01
oval:org.mitre.oval:def:12884 | P | USN-775-1 -- quagga vulnerability | 2014-06-30
    quagga quagga 0.95
    quagga quagga 0.96
    quagga quagga 0.96.1
    quagga quagga 0.96.2
    quagga quagga 0.96.3
    quagga quagga 0.96.4
    quagga quagga 0.96.5
    quagga quagga 0.97.0
    quagga quagga 0.97.1
    quagga quagga 0.97.2
    quagga quagga 0.97.3
    quagga quagga 0.97.4
    quagga quagga 0.97.5
    quagga quagga 0.98.0
    quagga quagga 0.98.1
    quagga quagga 0.98.2
    quagga quagga 0.98.3
    quagga quagga 0.98.4
    quagga quagga 0.98.5
    quagga quagga 0.98.6
    quagga quagga 0.99.1
    quagga quagga 0.99.2
    quagga quagga 0.99.3
    quagga quagga 0.99.4
    quagga quagga 0.99.5
    quagga quagga 0.99.6
    quagga quagga 0.99.7
    quagga quagga 0.99.8
    quagga quagga 0.99.9
    quagga quagga 0.99.10
    quagga quagga *
    quagga quagga 0.99.11
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    canonical ubuntu 8.04