var-200704-0182
Vulnerability from variot
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. This is a denial-of-service (DoS) vulnerability: a third party may be able to disrupt service by sending a crafted UPDATE message.
Quagga is prone to a remote denial-of-service vulnerability because it fails to handle a malformed multi-protocol message. A remote attacker can exploit this issue by submitting a maliciously crafted message to the application. Successful exploits will cause the Quagga 'bgpd' daemon to abort, denying further service to legitimate users. Quagga 0.99.6 and prior versions (0.99 branch) as well as 0.98.6 and prior versions (0.98 branch) are vulnerable.
===========================================================
Ubuntu Security Notice USN-461-1 May 17, 2007
quagga vulnerability
CVE-2007-1995
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.1
Ubuntu 6.10: quagga 0.99.4-4ubuntu1.1
Ubuntu 7.04: quagga 0.99.6-2ubuntu3.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.
Updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995
Updated Packages:
Corporate 4.0:
becaf6ded7283c9c6021b225cdf4610a corporate/4.0/i586/libquagga0-0.99.3-1.1.20060mlcs4.i586.rpm
71834dab731b65e7a35a9fdd9732a889 corporate/4.0/i586/libquagga0-devel-0.99.3-1.1.20060mlcs4.i586.rpm
cfbeb9e74071ffac712e5162f2613ac9 corporate/4.0/i586/quagga-0.99.3-1.1.20060mlcs4.i586.rpm
7cde7b9c156b90b8dcc960bfc1e32cbe corporate/4.0/i586/quagga-contrib-0.99.3-1.1.20060mlcs4.i586.rpm
725cf792adafc90d58a34178e4066771 corporate/4.0/SRPMS/quagga-0.99.3-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
92d1d28d06eb4eaff483882a41a5d31b corporate/4.0/x86_64/lib64quagga0-0.99.3-1.1.20060mlcs4.x86_64.rpm
ccfa5e5665423f19b0c36ff13db53164 corporate/4.0/x86_64/lib64quagga0-devel-0.99.3-1.1.20060mlcs4.x86_64.rpm
a9af90e11e1b9f0485718d4762b1f8fd corporate/4.0/x86_64/quagga-0.99.3-1.1.20060mlcs4.x86_64.rpm
596581e4051d2e02ae2b476e3aa83f74 corporate/4.0/x86_64/quagga-contrib-0.99.3-1.1.20060mlcs4.x86_64.rpm
725cf792adafc90d58a34178e4066771 corporate/4.0/SRPMS/quagga-0.99.3-1.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Gentoo Linux Security Advisory GLSA 200705-05
http://security.gentoo.org/
Severity: Normal
Title: Quagga: Denial of Service
Date: May 02, 2007
Bugs: #174206
ID: 200705-05
Synopsis
A vulnerability has been discovered in Quagga allowing for a Denial of Service.
Background
Quagga is a free routing daemon, supporting RIP, OSPF and BGP protocols.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 0.98.6-r2 >= 0.98.6-r2
Description
The Quagga development team reported a vulnerability in the BGP routing daemon when processing NLRI attributes inside UPDATE messages.
Impact
A malicious peer inside a BGP area could send a specially crafted packet to a Quagga instance, possibly resulting in a crash of the Quagga daemon.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r2"
References
[ 1 ] CVE-2007-1995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200705-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Debian Security Advisory DSA 1293-1
security@debian.org
http://www.debian.org/security/
Martin Schulze
May 17th, 2007
http://www.debian.org/security/faq
Package : quagga
Vulnerability : out of boundary read
Problem type : remote
Debian-specific: no
CVE ID : CVE-2007-1995
BugTraq ID : 23417
Debian Bug : 418323
Paul Jakma discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon.
For the old stable distribution (sarge) this problem has been fixed in version 0.98.3-7.4.
For the stable distribution (etch) this problem has been fixed in version 0.99.5-5etch2.
For the unstable distribution (sid) this problem has been fixed in version 0.99.6-5.
We recommend that you upgrade your quagga package.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.dsc
Size/MD5 checksum: 1017 668014e3d7bde772eac63fc2809538c8
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.diff.gz
Size/MD5 checksum: 45503 ce79e6a7a23c57551af673936957b520
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz
Size/MD5 checksum: 2118348 68be5e911e4d604c0f5959338263356e
Architecture independent components:
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.4_all.deb
Size/MD5 checksum: 488726 9176bb6c2d44c83c6b0235fe2d787c24
Alpha architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_alpha.deb
Size/MD5 checksum: 1613754 754e865cef5379625e6ac77fc03a1175
AMD64 architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_amd64.deb
Size/MD5 checksum: 1413316 5aa1b7a4d2a9a262d89e6ff050b61140
ARM architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_arm.deb
Size/MD5 checksum: 1290700 071171571b6afb1937cfe6d535a571dc
HP Precision architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_hppa.deb
Size/MD5 checksum: 1447856 c4137c1ad75efb58c080a96aa9c0699e
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_i386.deb
Size/MD5 checksum: 1193528 52640ebe894244e34b98b43150028c01
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_ia64.deb
Size/MD5 checksum: 1829130 27191432085ad6ebff2160874aa06826
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_m68k.deb
Size/MD5 checksum: 1160000 c2f78f24982732c9804de4297c4c2672
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mips.deb
Size/MD5 checksum: 1353040 6ceb137f2908165b4d1420f56b8be65b
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mipsel.deb
Size/MD5 checksum: 1355964 a1685523eede48afe70b1861a6b38038
PowerPC architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_powerpc.deb
Size/MD5 checksum: 1317034 2d80694cf741a3ed85617dbf4e7b4776
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_s390.deb
Size/MD5 checksum: 1401630 458f1f892e6ed57677971334589ecc45
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_sparc.deb
Size/MD5 checksum: 1287812 e92233bfc759de15910da4241e27ebd1
Debian GNU/Linux 4.0 alias etch
Source archives:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.dsc
Size/MD5 checksum: 762 667f0d6ae4984aa499d912b12d9146b9
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.diff.gz
Size/MD5 checksum: 33122 ac7da5cf6b143338aef2b8c6da3b2b3a
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz
Size/MD5 checksum: 2311140 3f9c71aca6faa22a889e2f84ecfd0076
Architecture independent components:
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch2_all.deb
Size/MD5 checksum: 719938 01bcc6c571f620c957e1ea2b5cacf9f6
Alpha architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_alpha.deb
Size/MD5 checksum: 1681634 1f05ece668256dce58fe303801eb80b9
AMD64 architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_amd64.deb
Size/MD5 checksum: 1415656 6e88dd4c6f56eba87c752369590cf486
ARM architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_arm.deb
Size/MD5 checksum: 1347388 c33f7ed4aed2e8f846975ace01cee97c
HP Precision architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_hppa.deb
Size/MD5 checksum: 1531224 22ce4a12ec77dae40ab0d064a7caeb9b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_i386.deb
Size/MD5 checksum: 1246878 d358565ab725d69a366115ff6ef277c3
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_ia64.deb
Size/MD5 checksum: 1955390 9327ea2cf8778b8cca45d1ccea8092f7
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mips.deb
Size/MD5 checksum: 1455582 a415e82fd838b9ce0f5badcdf4278770
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mipsel.deb
Size/MD5 checksum: 1460546 af16aa91c13c54fa84769e3e30d521f0
PowerPC architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_powerpc.deb
Size/MD5 checksum: 1379422 e7f92220a37daac49ddb3b0da124b9f7
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_s390.deb
Size/MD5 checksum: 1482556 87509f6d9afef8940e0b35055f590ed8
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_sparc.deb
Size/MD5 checksum: 1347908 db02aaf16c68dfac81a509b8145ca001
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
References: [0] http://www.quagga.net/ [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995
Primary Package Name: quagga
Primary Package Home: http://openpkg.org/go/package/quagga
Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Enterprise       E1.0-SOLID         quagga-0.99.5-E1.0.1
OpenPKG Community        CURRENT            quagga-0.99.7-20070430
For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0182", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "lte", "trust": 1.8, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": 
"0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.95" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.2" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.0" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "lte", "trust": 0.8, "vendor": "quagga", "version": "0.99.6" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, 
{ "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86-64" }, { "model": "linux professional x86 64", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.2" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", 
"version": "0.98.3" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "suse linux open-xchange", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "4.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "unitedlinux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "linux amd64", "scope": "eq", "trust": 
0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86" }, { "model": "linux personal x86 64", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "office server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "e1.0-solid", "scope": null, "trust": 0.3, "vendor": "openpkg", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", 
"version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0x86" }, { "model": "linux professional x86 64", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0" }, { "model": "suse linux retail solution", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "8.0" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux database server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "suse linux standard server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "8.0" }, { "model": "linux openexchange server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux 
professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "10" }, { "model": "linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux office server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0x86-64" }, { "model": "propack sp6", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "3.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { 
"model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux personal x86 64", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.2" }, { "model": "suse linux school server for i386", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "current", "scope": null, "trust": 0.3, "vendor": "openpkg", "version": null }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0.5" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server 9-sp3", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { 
"model": "suse linux openexchange server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "4.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux connectivity server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "3" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "suse core for", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9x86" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" } ], "sources": [ { "db": "BID", "id": "23417" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.98.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-1995" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Paul Jakma", "sources": [ { "db": "CNNVD", "id": "CNNVD-200704-215" } ], "trust": 0.6 }, "cve": "CVE-2007-1995", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/severity#" }, "@id": "https://www.variotdbs.pl/ref/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2007-1995", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.8, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-1995", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200704-215", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. 
A third party may cause a denial-of-service (DoS) condition by sending a crafted UPDATE message. Quagga is prone to a remote denial-of-service vulnerability because it fails to handle a malformed multi-protocol message. \nA remote attacker can exploit this issue by submitting a maliciously crafted message to the application. \nSuccessful exploits will cause the Quagga \u0027bgpd\u0027 daemon to abort, denying further service to legitimate users. \nQuagga 0.99.6 and prior versions (0.99 branch) as well as 0.98.6 and prior versions (0.98 branch) are vulnerable. =========================================================== \nUbuntu Security Notice USN-461-1 May 17, 2007\nquagga vulnerability\nCVE-2007-1995\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n quagga 0.99.2-1ubuntu3.1\n\nUbuntu 6.10:\n quagga 0.99.4-4ubuntu1.1\n\nUbuntu 7.04:\n quagga 0.99.6-2ubuntu3.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that Quagga did not correctly verify length \ninformation sent from configured peers. Remote malicious peers could \nsend a specially crafted UPDATE message which would cause bgpd to abort, \nleading to a denial of service. \n \n Updated packages have been patched to correct this issue. 
\n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995\n _______________________________________________________________________\n \n Updated Packages:\n \n Corporate 4.0:\n becaf6ded7283c9c6021b225cdf4610a corporate/4.0/i586/libquagga0-0.99.3-1.1.20060mlcs4.i586.rpm\n 71834dab731b65e7a35a9fdd9732a889 corporate/4.0/i586/libquagga0-devel-0.99.3-1.1.20060mlcs4.i586.rpm\n cfbeb9e74071ffac712e5162f2613ac9 corporate/4.0/i586/quagga-0.99.3-1.1.20060mlcs4.i586.rpm\n 7cde7b9c156b90b8dcc960bfc1e32cbe corporate/4.0/i586/quagga-contrib-0.99.3-1.1.20060mlcs4.i586.rpm \n 725cf792adafc90d58a34178e4066771 corporate/4.0/SRPMS/quagga-0.99.3-1.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 92d1d28d06eb4eaff483882a41a5d31b corporate/4.0/x86_64/lib64quagga0-0.99.3-1.1.20060mlcs4.x86_64.rpm\n ccfa5e5665423f19b0c36ff13db53164 corporate/4.0/x86_64/lib64quagga0-devel-0.99.3-1.1.20060mlcs4.x86_64.rpm\n a9af90e11e1b9f0485718d4762b1f8fd corporate/4.0/x86_64/quagga-0.99.3-1.1.20060mlcs4.x86_64.rpm\n 596581e4051d2e02ae2b476e3aa83f74 corporate/4.0/x86_64/quagga-contrib-0.99.3-1.1.20060mlcs4.x86_64.rpm \n 725cf792adafc90d58a34178e4066771 corporate/4.0/SRPMS/quagga-0.99.3-1.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFGONI7mqjQ0CJFipgRAhmXAKCr1iOp0SaSv1WdD2EsWJjqR3ZF4ACfZ2FP\n56VBScMSKds3eiA29koFg5w=\n=IS+w\n-----END PGP SIGNATURE-----\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200705-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Quagga: Denial of Service\n Date: May 02, 2007\n Bugs: #174206\n ID: 200705-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been discovered in Quagga allowing for a Denial of\nService. \n\nBackground\n==========\n\nQuagga is a free routing daemon, supporting RIP, OSPF and BGP\nprotocols. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 0.98.6-r2 \u003e= 0.98.6-r2\n\nDescription\n===========\n\nThe Quagga development team reported a vulnerability in the BGP routing\ndaemon when processing NLRI attributes inside UPDATE messages. 
\n\nImpact\n======\n\nA malicious peer inside a BGP area could send a specially crafted\npacket to a Quagga instance, possibly resulting in a crash of the\nQuagga daemon. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.98.6-r2\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-1995\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200705-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1293-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMay 17th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : quagga\nVulnerability : out of boundary read\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2007-1995\nBugTraq ID : 23417\nDebian Bug : 418323\n\nPaul Jakma discovered that specially crafted UPDATE messages can\ntrigger an out of boundary read that can result in a system crash of\nquagga, the BGP/OSPF/RIP routing daemon. 
\n\nFor the old stable distribution (sarge) this problem has been fixed in\nversion 0.98.3-7.4. \n\nFor the stable distribution (etch) this problem has been fixed in\nversion 0.99.5-5etch2. \n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.99.6-5. \n\nWe recommend that you upgrade your quagga package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.dsc\n Size/MD5 checksum: 1017 668014e3d7bde772eac63fc2809538c8\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.diff.gz\n Size/MD5 checksum: 45503 ce79e6a7a23c57551af673936957b520\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz\n Size/MD5 checksum: 2118348 68be5e911e4d604c0f5959338263356e\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.4_all.deb\n Size/MD5 checksum: 488726 9176bb6c2d44c83c6b0235fe2d787c24\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_alpha.deb\n Size/MD5 checksum: 1613754 754e865cef5379625e6ac77fc03a1175\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_amd64.deb\n Size/MD5 checksum: 1413316 5aa1b7a4d2a9a262d89e6ff050b61140\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_arm.deb\n Size/MD5 checksum: 
1290700 071171571b6afb1937cfe6d535a571dc\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_hppa.deb\n Size/MD5 checksum: 1447856 c4137c1ad75efb58c080a96aa9c0699e\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_i386.deb\n Size/MD5 checksum: 1193528 52640ebe894244e34b98b43150028c01\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_ia64.deb\n Size/MD5 checksum: 1829130 27191432085ad6ebff2160874aa06826\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_m68k.deb\n Size/MD5 checksum: 1160000 c2f78f24982732c9804de4297c4c2672\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mips.deb\n Size/MD5 checksum: 1353040 6ceb137f2908165b4d1420f56b8be65b\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mipsel.deb\n Size/MD5 checksum: 1355964 a1685523eede48afe70b1861a6b38038\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_powerpc.deb\n Size/MD5 checksum: 1317034 2d80694cf741a3ed85617dbf4e7b4776\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_s390.deb\n Size/MD5 checksum: 1401630 458f1f892e6ed57677971334589ecc45\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_sparc.deb\n Size/MD5 checksum: 1287812 e92233bfc759de15910da4241e27ebd1\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.dsc\n Size/MD5 checksum: 762 667f0d6ae4984aa499d912b12d9146b9\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.diff.gz\n Size/MD5 checksum: 33122 
ac7da5cf6b143338aef2b8c6da3b2b3a\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz\n Size/MD5 checksum: 2311140 3f9c71aca6faa22a889e2f84ecfd0076\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch2_all.deb\n Size/MD5 checksum: 719938 01bcc6c571f620c957e1ea2b5cacf9f6\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_alpha.deb\n Size/MD5 checksum: 1681634 1f05ece668256dce58fe303801eb80b9\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_amd64.deb\n Size/MD5 checksum: 1415656 6e88dd4c6f56eba87c752369590cf486\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_arm.deb\n Size/MD5 checksum: 1347388 c33f7ed4aed2e8f846975ace01cee97c\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_hppa.deb\n Size/MD5 checksum: 1531224 22ce4a12ec77dae40ab0d064a7caeb9b\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_i386.deb\n Size/MD5 checksum: 1246878 d358565ab725d69a366115ff6ef277c3\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_ia64.deb\n Size/MD5 checksum: 1955390 9327ea2cf8778b8cca45d1ccea8092f7\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mips.deb\n Size/MD5 checksum: 1455582 a415e82fd838b9ce0f5badcdf4278770\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mipsel.deb\n Size/MD5 checksum: 1460546 af16aa91c13c54fa84769e3e30d521f0\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_powerpc.deb\n Size/MD5 checksum: 1379422 e7f92220a37daac49ddb3b0da124b9f7\n\n IBM S/390 
architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_s390.deb\n Size/MD5 checksum: 1482556 87509f6d9afef8940e0b35055f590ed8\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_sparc.deb\n Size/MD5 checksum: 1347908 db02aaf16c68dfac81a509b8145ca001\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFGTA8+W5ql+IAeqTIRApJFAJ0Zzdee8GfPVGWPY4woGKs4K1av8ACdH6xD\nEQiEXt1eQaZqI//EEe6eEcI=\n=NJHp\n-----END PGP SIGNATURE-----\n\n. \n\nReferences:\n [0] http://www.quagga.net/\n [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995\n____________________________________________________________________________\n\nPrimary Package Name: quagga\nPrimary Package Home: http://openpkg.org/go/package/quagga\n\nCorrected Distribution: Corrected Branch: Corrected Package:\nOpenPKG Enterprise E1.0-SOLID quagga-0.99.5-E1.0.1\nOpenPKG Community CURRENT quagga-0.99.7-20070430\n____________________________________________________________________________\n\nFor security reasons, this document was digitally signed with the\nOpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)\nwhich you can download from http://openpkg.com/openpkg.com.pgp\nor retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. 
\nFollow the instructions at http://openpkg.com/security/signatures/\nfor more details on how to verify the integrity of this document", "sources": [ { "db": "NVD", "id": "CVE-2007-1995" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "BID", "id": "23417" }, { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "PACKETSTORM", "id": "56418" }, { "db": "PACKETSTORM", "id": "56818" }, { "db": "PACKETSTORM", "id": "56854" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-1995", "trust": 3.2 }, { "db": "BID", "id": "23417", "trust": 2.7 }, { "db": "SECUNIA", "id": "24808", "trust": 2.4 }, { "db": "SECUNIA", "id": "29743", "trust": 1.6 }, { "db": "SECUNIA", "id": "25084", "trust": 1.6 }, { "db": "SECUNIA", "id": "25428", "trust": 1.6 }, { "db": "SECUNIA", "id": "25255", "trust": 1.6 }, { "db": "SECUNIA", "id": "25312", "trust": 1.6 }, { "db": "SECUNIA", "id": "25119", "trust": 1.6 }, { "db": "SECUNIA", "id": "25293", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2008-1195", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2007-1336", "trust": 1.6 }, { "db": "SECTRACK", "id": "1018142", "trust": 1.6 }, { "db": "XF", "id": "33547", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2007-000419", "trust": 0.8 }, { "db": "DEBIAN", "id": "DSA-1293", "trust": 0.6 }, { "db": "TRUSTIX", "id": "2007-0017", "trust": 0.6 }, { "db": "UBUNTU", "id": "USN-461-1", "trust": 0.6 }, { "db": "SUSE", "id": "SUSE-SR:2007:009", "trust": 0.6 }, { "db": "GENTOO", "id": "GLSA-200705-05", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2007:0389", "trust": 0.6 }, { "db": "OPENPKG", "id": "OPENPKG-SA-2007.015", "trust": 0.6 }, { "db": "MANDRIVA", "id": "MDKSA-2007:096", "trust": 0.6 }, { "db": "SUNALERT", "id": "236141", "trust": 
0.6 }, { "db": "CNNVD", "id": "CNNVD-200704-215", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "56853", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56424", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56418", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56818", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56854", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "23417" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "PACKETSTORM", "id": "56418" }, { "db": "PACKETSTORM", "id": "56818" }, { "db": "PACKETSTORM", "id": "56854" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "id": "VAR-200704-0182", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-29T21:15:25.945000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "quagga-0.98.6-5.1AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=277" }, { "title": "1030", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1030" }, { "title": "2007-04-08", "trust": 0.8, "url": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740" }, { "title": "id354", "trust": 0.8, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" }, { "title": "id355", "trust": 0.8, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" }, { "title": "RHSA-2007:0389", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2007-0389.html" }, { "title": "236141", "trust": 
0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-236141-1" }, { "title": "RHSA-2007:0389", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2007-0389j.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000419" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/24808" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/23417" }, { "trust": 1.9, "url": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-200705-05.xml" }, { "trust": 1.6, "url": "http://www.ubuntu.com/usn/usn-461-1" }, { "trust": 1.6, "url": "http://www.trustix.org/errata/2007/0017/" }, { "trust": 1.6, "url": "http://www.novell.com/linux/security/advisories/2007_9_sr.html" }, { "trust": 1.6, "url": "http://www.debian.org/security/2007/dsa-1293" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25312" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25293" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25255" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25119" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25084" }, { "trust": 1.6, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" }, { "trust": 1.6, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" }, { "trust": 1.6, "url": 
"http://www.securitytracker.com/id?1018142" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2007-0389.html" }, { "trust": 1.6, "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2007.015.html" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:096" }, { "trust": 1.6, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "trust": 1.6, "url": "http://secunia.com/advisories/29743" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25428" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/1336" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/33547" }, { "trust": 1.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1995" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2007/1336" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33547" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11048" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1995" }, { "trust": 0.6, "url": "http://frontal2.mandriva.com/security/advisories?name=mdksa-2007:096" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/1195/references" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1995" }, { "trust": 0.4, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2007-0389.html" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-236141-1" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-176.htm" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.4-4ubuntu1.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.6-2ubuntu3.1_all.deb" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mipsel.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.4_all.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_alpha.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_m68k.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_ia64.deb" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.diff.gz" }, { "trust": 0.1, 
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch2_all.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.diff.gz" }, { "trust": 0.1, "url": "http://openpkg.com/security/signatures/" }, { "trust": 0.1, "url": "http://openpkg.com/\u003e" }, { "trust": 0.1, "url": "http://openpkg.com/go/openpkg-sa-2007.015" }, { "trust": 0.1, "url": "http://openpkg.com/" }, { "trust": 0.1, "url": "http://openpkg.com/go/openpkg-sa" }, { "trust": 0.1, "url": "http://openpkg.org/go/package/quagga" }, { "trust": 0.1, "url": "http://openpkg.com/openpkg.com.pgp" } ], "sources": [ { "db": "BID", "id": "23417" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "PACKETSTORM", "id": "56418" }, { "db": "PACKETSTORM", "id": "56818" }, { "db": "PACKETSTORM", "id": "56854" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "23417" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "PACKETSTORM", "id": "56418" }, { "db": "PACKETSTORM", "id": "56818" }, { "db": "PACKETSTORM", "id": "56854" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": 
"CVE-2007-1995" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-04-11T00:00:00", "db": "BID", "id": "23417" }, { "date": "2007-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "date": "2007-05-21T03:55:14", "db": "PACKETSTORM", "id": "56853" }, { "date": "2007-05-03T07:51:36", "db": "PACKETSTORM", "id": "56424" }, { "date": "2007-05-03T07:27:55", "db": "PACKETSTORM", "id": "56418" }, { "date": "2007-05-21T02:44:19", "db": "PACKETSTORM", "id": "56818" }, { "date": "2007-05-21T03:57:45", "db": "PACKETSTORM", "id": "56854" }, { "date": "2007-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200704-215" }, { "date": "2007-04-12T10:19:00", "db": "NVD", "id": "CVE-2007-1995" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-04-23T16:27:00", "db": "BID", "id": "23417" }, { "date": "2008-10-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "date": "2007-10-05T00:00:00", "db": "CNNVD", "id": "CNNVD-200704-215" }, { "date": "2017-10-11T01:32:00", "db": "NVD", "id": "CVE-2007-1995" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "CNNVD", "id": "CNNVD-200704-215" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability", "sources": [ { "db": "BID", "id": "23417" }, { "db": "CNNVD", "id": "CNNVD-200704-215" } ], "trust": 0.9 }, 
"type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200704-215" } ], "trust": 0.6 } }