CVE-2013-6051 - The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total

CVE-2013-6051

Summary

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513
http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408
http://www.debian.org/security/2013/dsa-2803

Vulnerable Configurations

cpe:2.3:a:quagga:quagga:0.99.21:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.21:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 16-12-2013 - 20:41)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513
debian	DSA-2803
misc	http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408

Last major update

16-12-2013 - 20:41

Published

14-12-2013 - 17:21

Last modified

16-12-2013 - 20:41