LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: December 22nd, 2014
Linux Advisory Watch: December 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Quagga vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that Quagga did not correctly verify OPEN messages or COMMUNITY attributes sent from configured peers. Malicious authenticated remote peers could send a specially crafted message which would cause bgpd to abort, leading to a denial of service.
=========================================================== 
Ubuntu Security Notice USN-512-1         September 15, 2007
quagga vulnerability
CVE-2007-4826
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  quagga                          0.99.2-1ubuntu3.3

Ubuntu 6.10:
  quagga                          0.99.4-4ubuntu1.2

Ubuntu 7.04:
  quagga                          0.99.6-2ubuntu3.2

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

It was discovered that Quagga did not correctly verify OPEN messages or
COMMUNITY attributes sent from configured peers. Malicious authenticated
remote peers could send a specially crafted message which would cause
bgpd to abort, leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.diff.gz
      Size/MD5:    32441 ef8dcb8af8a4e80bcfae7884c91246b2
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.dsc
      Size/MD5:      762 d875c1da312abaea58e947b01070fea2
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz
      Size/MD5:  2185137 88087d90697fcf5fe192352634f340b3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.3_all.deb
      Size/MD5:   663874 2a18dc0f553a8a31aa2ad1360c0da70a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_amd64.deb
      Size/MD5:  1403902 610bf123e260707c984d573f42e3573e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_i386.deb
      Size/MD5:  1198834 2bb7a83b7dee840274eb7769da1f8756

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_powerpc.deb
      Size/MD5:  1351532 44e25c1bdcef2a6500e85b64eb4bc36d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_sparc.deb
      Size/MD5:  1322538 28b109e575361eff2e7bb0a2b71867db

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.diff.gz
      Size/MD5:    30580 c402481e9a5dd976cf7720ed216a8dc7
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.dsc
      Size/MD5:      762 652e0e34a27a903f7cba1cb42efe0185
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4.orig.tar.gz
      Size/MD5:  2207774 a75d3f5ed0b3354274c28d195e3f6479

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.4-4ubuntu1.2_all.deb
      Size/MD5:   706508 d0e90a9178942c8a39466c0a9e7a4707

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_amd64.deb
      Size/MD5:  1409522 257b1917e4ce3b91c085ec3275a05cf5

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_i386.deb
      Size/MD5:  1244688 29adb0d2304ce55a4fc30fed6b66b613

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_powerpc.deb
      Size/MD5:  1375626 9be3046d709b339581375a30227178a9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_sparc.deb
      Size/MD5:  1342646 a621e675ba2c8aa01d989a8b0643075c

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.diff.gz
      Size/MD5:    48850 928858025b77e889a6f50ec690e086cb
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.dsc
      Size/MD5:      861 0034ab0361b133fb43c2541be3255628
    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6.orig.tar.gz
      Size/MD5:  2324051 78137ecaa66ff4c3780bd05f60e51cf5

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.6-2ubuntu3.2_all.deb
      Size/MD5:   720818 750d2e8759af8e86bf0df4ef165fd438

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_amd64.deb
      Size/MD5:  1477058 ea80dadac30ad0f541f723e9eec97c1d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_i386.deb
      Size/MD5:  1309870 52f63d60039441322967da87fe519b2e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_powerpc.deb
      Size/MD5:  1485474 0ab78f1ff062e7d059492251e6f56715

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_sparc.deb
      Size/MD5:  1417054 54948b2e997ecffd4647bb244fa5fa84


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
White hats do an NSA, figure out LIVE PHONE TRACKING via protocol vuln
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.