Vulnerability Note VU#668534

Multiple Quagga remote component vulnerabilities

Original Release date: 26 Sep 2011 | Last revised: 06 Oct 2011

Overview

Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets.

Description

CERT-FI reports:

Quagga is an open source routing software that can handle various routing protocols such as RIP, BGP and OSPF. Five vulnerabilities have been found in the BGP, OSPF and OSPFv3 components of Quagga. The vulnerabilities allow an attacker to cause a denial of service or potentially to execute his own code by sending specially modified packets to an affected server. Routing messages are typically accepted from the routing peers. Exploiting these vulnerabilities may require an established routing session (BGP peering or OSPF/OSPFv3 adjacency) to the router.

The vulnerability CVE-2011-3327 is related to the extended communities handling in BGP messages. Receiving a malformed BGP update can result in a buffer overflow and disruption of IPv4 routing.

The vulnerability CVE-2011-3326 results from the handling of LSA (Link State Advertisement) states in the OSPF service. Receiving a modified Link State Update message with malicious state information can result in denial of service in IPv4 routing.

The vulnerability CVE-2011-3325 is a denial of service vulnerability related to Hello message handling by the OSPF service. As Hello messages are used to initiate adjacencies, exploiting the vulnerability may be feasible from the same broadcast domain without an established adjacency. A malformed packet may result in denial of service in IPv4 routing.

The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving modified Database Description and Link State Update messages, respectively, can result in denial of service in IPv6 routing.

Impact

An attacker could exploit these vulnerabilities to cause a denial-of-service crash or to execute arbitrary code on the affected server with the permissions of the Quagga software.

Solution

CERT-FI recommends:

Install either the latest version of Quagga (http://www.quagga.net/) or a fixed version of the software provided by your operating system or application vendor.

The vulnerabilities can be remediated by restricting network access to the routing daemon. Exploiting four of the vulnerabilities requires established routing sessions or adjacencies.
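
One way to apply the network-access restriction recommended above, as an added example that is not part of the original note or of Quagga: a shell script that reads peer addresses from a bgpd.conf and prints iptables/ip6tables allowlist rules for BGP (TCP/179) and OSPF/OSPFv3 (IP protocol 89). The sample configuration, addresses, AS numbers, function names and the use of the INPUT chain are assumptions.

```shell
#!/bin/sh
# Prints (does not apply) allowlist rules for Quagga's routing daemons.
# BGP is TCP/179; OSPF and OSPFv3 are IP protocol 89.
# Constructed sample bgpd.conf (documentation addresses, private ASNs).
sample_bgpd_conf() {
cat <<'EOF'
router bgp 64512
 bgp router-id 192.0.2.1
 neighbor 192.0.2.10 remote-as 64513
 neighbor 192.0.2.20 remote-as 64514
 neighbor 192.0.2.20 description transit
 neighbor 2001:db8::10 remote-as 64515
 neighbor EDGE peer-group
 neighbor EDGE remote-as 64516
! neighbor 198.51.100.9 remote-as 64999
EOF
}

# stdin: bgpd.conf. Prints each peer address once; skips peer-group names.
bgp_peers() {
  awk '$1 == "neighbor" && $3 == "remote-as" &&
       ($2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $2 ~ /^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*$/) &&
       !seen[$2]++ { print $2 }'
}

# Choose the IPv4 or IPv6 tool for an address.
fw_for() { case $1 in *:*) echo ip6tables ;; *) echo iptables ;; esac; }

# stdin: bgpd.conf. Accept TCP/179 only from configured peers, then drop.
emit_bgp_rules() {
  bgp_peers | while read -r peer; do
    echo "$(fw_for "$peer") -A INPUT -p tcp -s $peer --dport 179 -j ACCEPT"
  done
  echo "iptables -A INPUT -p tcp --dport 179 -j DROP"
  echo "ip6tables -A INPUT -p tcp --dport 179 -j DROP"
}

# args: expected OSPF/OSPFv3 neighbor source addresses (operator-supplied
# assumption; adjacencies are normally discovered through Hello packets).
emit_ospf_rules() {
  for nbr in "$@"; do
    echo "$(fw_for "$nbr") -A INPUT -p 89 -s $nbr -j ACCEPT"
  done
  echo "iptables -A INPUT -p 89 -j DROP"
  echo "ip6tables -A INPUT -p 89 -j DROP"
}

sample_bgpd_conf | emit_bgp_rules
emit_ospf_rules 192.0.2.30 fe80::1
```

Source-address filtering narrows who can reach bgpd, ospfd and ospf6d; it complements, and does not replace, installing a fixed version.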

Vendor Information

Quagga before version 0.99.19

Vendor                     Status        Date Notified  Date Updated
Debian GNU/Linux           Affected      14 Sep 2011    06 Oct 2011
Red Hat, Inc.              Affected      14 Sep 2011    26 Sep 2011
Openwall GNU/*/Linux       Not Affected  14 Sep 2011    16 Sep 2011
Wind River Systems, Inc.   Not Affected  14 Sep 2011    22 Sep 2011
Apple Inc.                 Unknown       14 Sep 2011    14 Sep 2011
Conectiva Inc.             Unknown       14 Sep 2011    14 Sep 2011
Cray Inc.                  Unknown       14 Sep 2011    14 Sep 2011
DragonFly BSD Project      Unknown       14 Sep 2011    14 Sep 2011
EMC Corporation            Unknown       14 Sep 2011    14 Sep 2011
Engarde Secure Linux       Unknown       14 Sep 2011    14 Sep 2011
F5 Networks, Inc.          Unknown       14 Sep 2011    14 Sep 2011
Fedora Project             Unknown       14 Sep 2011    14 Sep 2011
FreeBSD Project            Unknown       14 Sep 2011    14 Sep 2011
Fujitsu                    Unknown       14 Sep 2011    14 Sep 2011
Gentoo Linux               Unknown       14 Sep 2011    14 Sep 2011
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

Thanks to Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project for reporting this vulnerability to CERT-FI.

This document was written by Michael Orlando.
