Vulnerability CVE-2012-0255

Vulnerability Name:

CVE-2012-0255 (CCN-74090)

Assigned:

2011-12-21

Published:

2012-03-28

Updated:

2018-01-18

Summary:

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.9 Low (REDHAT CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:N/A:P)
2.1 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2012-0255

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-5352

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-5411

Source: FEDORA
Type: UNKNOWN
FEDORA-2012-5436

Source: CCN
Type: RHSA-2012-1259
Moderate: quagga security update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:1259

Source: CCN
Type: Quagga Web Site
Quagga 0.99.20.1 Released

Source: CCN
Type: SA48388
Quagga Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
48949

Source: CCN
Type: SA50593
McAfee Firewall Enterprise Quagga Vulnerabilities

Source: DEBIAN
Type: UNKNOWN
DSA-2459

Source: DEBIAN
Type: DSA-2459
quagga -- several vulnerabilities

Source: CCN
Type: US-CERT VU#551715
Quagga contains multiple vulnerabilities

Source: CERT-VN
Type: US Government Resource
VU#551715

Source: CCN
Type: OSVDB ID: 80114
Quagga bgpd/bgp_packet.c bgp_open_receive() Function Assertation Triggering Remote DoS

Source: CCN
Type: BID-52531
Quagga Multiple Remote Security Vulnerabilities

Source: XF
Type: UNKNOWN
quagga-bgpopenreceive-dos(74090)

Source: CCN
Type: McAfee KnowledgeBase ID: KB76173
Firewall Enterprise: Response to vulnerability Quagga CVE-2012-0255, CVE-2012-0250, CVE-2012-0249, and CVE-2012-1820

Vulnerable Configuration:

Configuration 1:

cpe:/a:quagga:quagga:0.95:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.96:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.96.1:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.96.2:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.96.3:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.96.4:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.96.5:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.97.0:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.97.1:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.97.2:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.97.3:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.97.4:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.97.5:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.98.0:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.98.1:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.98.2:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.98.3:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.98.4:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.98.5:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.98.6:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.1:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.2:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.3:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.4:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.5:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.6:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.7:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.8:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.9:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.10:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.11:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.12:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.13:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.14:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.15:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.16:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.17:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.18:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:0.99.19:*:*:*:*:*:*:*

OR cpe:/a:quagga:quagga:*:*:*:*:*:*:*:* (Version <= 0.99.20)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:quagga:quagga:0.98.5:*:*:*:*:*:*:*