Original Release date: 15 Feb 2018 | Last revised: 15 Feb 2018

The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution.

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer - CVE-2018-5378 (Quagga-2018-0543)

The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash.



CWE-415: Double Free - CVE-2018-5379 (Quagga-2018-1114)



The Quagga BGP daemon, bgpd, can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.



CWE-125: Out-of-bounds Read - CVE-2018-5380 (Quagga-2018-1550)



The Quagga BGP daemon, bgpd, can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.



CWE-228: Improper Handling of Syntactically Invalid Structure - CVE-2018-5381 (Quagga-2018-1975)



The Quagga BGP daemon, bgpd, had a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI.
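The failure mode described for CVE-2018-5381, shown from the defensive side as an added example (this is not Quagga's code): a capability TLV walker that moves its cursor past each entry before deciding whether to skip it, so an unrecognized AFI/SAFI cannot stall the loop. The names `parse_caps` and `afi_safi_known` and the AFI/SAFI allow-list are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define CAP_MP_EXT 1   /* Multiprotocol Extensions capability code (RFC 4760) */

/* Hypothetical allow-list: AFI 1/2 (IPv4/IPv6), SAFI 1/2 (unicast/multicast). */
static int afi_safi_known(uint16_t afi, uint8_t safi)
{
    return (afi == 1 || afi == 2) && (safi == 1 || safi == 2);
}

/*
 * Walk capability TLVs laid out as code(1) length(1) value(length).
 * Returns the number of MP capabilities accepted, or -1 if malformed.
 * *skipped counts MP capabilities whose AFI/SAFI is not recognized.
 */
int parse_caps(const uint8_t *buf, size_t len, int *skipped)
{
    const uint8_t *p = buf, *end = buf + len;
    int accepted = 0;

    *skipped = 0;
    while (p < end) {
        if ((size_t)(end - p) < 2)
            return -1;                    /* truncated TLV header */
        uint8_t code = p[0], clen = p[1];
        const uint8_t *val = p + 2;
        if ((size_t)(end - val) < clen)
            return -1;                    /* length runs past the buffer */

        /* Advance BEFORE any per-capability decision, so every
         * `continue` below still makes forward progress. */
        p = val + clen;

        if (code != CAP_MP_EXT)
            continue;                     /* other capability: ignore */
        if (clen != 4)
            return -1;                    /* MP value is AFI(2) Res(1) SAFI(1) */
        uint16_t afi = (uint16_t)(val[0] << 8 | val[1]);
        if (!afi_safi_known(afi, val[3])) {
            (*skipped)++;                 /* unrecognized: skip, never stall */
            continue;
        }
        accepted++;
    }
    return accepted;
}
```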



For more information, please see Quagga's version 1.2.3 release announcement.



The CVSS score below is based on CVE-2018-5379.

An unauthenticated, remote attacker may be able to use crafted input to crash bgpd or even gain control of an affected bgpd process.

Apply an update



Quagga has released version 1.2.3 to address these issues. Affected users should apply an update as soon as possible.

Vendor | Status | Date Notified | Date Updated
Debian GNU/Linux | Affected | 06 Feb 2018
CoreOS | Not Affected | 06 Feb 2018
Alpine Linux | Unknown | 15 Feb 2018
Arch Linux | Unknown | 06 Feb 2018
Arista Networks, Inc. | Unknown | 06 Feb 2018
ASP Linux | Unknown | 06 Feb 2018
CentOS | Unknown | 15 Feb 2018
ENEA | Unknown | 15 Feb 2018
Fedora Project | Unknown | 06 Feb 2018
Geexbox | Unknown | 06 Feb 2018
Gentoo Linux | Unknown | 06 Feb 2018
HomeSeer | Unknown | 15 Feb 2018
Micro Focus | Unknown | 08 Feb 2018
MontaVista Software, Inc. | Unknown | 15 Feb 2018
Novell, Inc. | Unknown | 06 Feb 2018

Group | Score | Vector
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal | 7.3 | E:POC/RL:OF/RC:C
Environmental | 7.3 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

The Quagga developers thank Alban Browaeys, Balaji Gurudoss, Borg, Scott Leggett and Debian QA Group, Eugene Bogomazov, Evgeny Uskov, Gerrie Roos, Mathieu Jadin, Pier Carlo Chiodi, and Rolf Eike Beer.

This document was written by Garret Wassermann.

CVE IDs: CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381

Date Public: 15 Feb 2018

Date First Published: 15 Feb 2018

Date Last Updated: 15 Feb 2018

Document Revision: 37