{ "id": "CVE-2007-4826", "sourceIdentifier": "secalert@redhat.com", "published": "2007-09-12T10:17:00.000", "lastModified": "2024-11-21T00:36:32.487", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled." }, { "lang": "es", "value": "bgpd en Quagga versiones anteriores a 0.99.9, permite que los peers BGP configurados expl\u00edcitamente causen una denegaci\u00f3n de servicio (bloqueo) por medio de (1) mensaje OPEN malformado o (2) un atributo COMMUNITY malformado, que desencadena una desreferencia del puntero NULL. NOTA: el vector 2 solo existe cuando la depuraci\u00f3n est\u00e1 habilitada." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "baseScore": 3.5, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL" }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.99.8", "matchCriteriaId": "C3D7AC38-EF8D-474D-9EA1-30B9E58BD744" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388" }, { "vulnerable": true, "criteria": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7" } ] } ] } ], "references": [ { "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml", "source": "secalert@redhat.com" }, { "url": "http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html", "source": "secalert@redhat.com" }, { "url": "http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760", "source": "secalert@redhat.com", "tags": [ "Patch" ] }, { "url": "http://secunia.com/advisories/26744", "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/26829", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/26863", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27049", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/29743", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1", "source": "secalert@redhat.com" }, { "url": "http://www.debian.org/security/2007/dsa-1382", "source": "secalert@redhat.com" }, { "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:182", "source": "secalert@redhat.com" }, { "url": "http://www.quagga.net/download/quagga-0.99.9.changelog.txt", "source": "secalert@redhat.com" }, { "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html", "source": "secalert@redhat.com" }, { "url": "http://www.securityfocus.com/bid/25634", "source": "secalert@redhat.com", "tags": [ "Patch" ] }, { "url": "http://www.trustix.org/errata/2007/0028/", "source": "secalert@redhat.com" }, { "url": "http://www.ubuntu.com/usn/usn-512-1", "source": "secalert@redhat.com" }, { "url": "http://www.vupen.com/english/advisories/2007/3129", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2008/1195/references", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36551", "source": "secalert@redhat.com" }, { "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "http://secunia.com/advisories/26744", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/26829", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/26863", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/27049", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/29743", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.debian.org/security/2007/dsa-1382", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:182", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.quagga.net/download/quagga-0.99.9.changelog.txt", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/25634", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "http://www.trustix.org/errata/2007/0028/", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.ubuntu.com/usn/usn-512-1", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.vupen.com/english/advisories/2007/3129", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2008/1195/references", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36551", "source": "af854a3a-2127-422b-91ae-364da2661108" } ], "vendorComments": [ { "organization": "Red Hat", "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=285691\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2007-09-18T00:00:00" } ] }