cnvd - cnvd-2017-35374

CNVD-2017-35374

Vulnerability from cnvd - Published: 2017-11-29

Title

Quagga拒绝服务漏洞（CNVD-2017-35374）

Description

Quagga是美国软件开发者Kunihiro Ishiguro所研发的一款路由软件套件。该套件可在多种平台上实现OSPFv2、OSPFv3、RIP v1/v2等协议，并提供路由重分布、路由映射等功能。 Quagga中存在拒绝服务漏洞。远程攻击者可通过发送特制的OSPF消息利用该漏洞删除和更改路由器的路由选择表，导致拒绝服务。

Severity

中

Patch Name

Quagga拒绝服务漏洞（CNVD-2017-35374）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://en.wikipedia.org/wiki/Open_Shortest_Path_First

Reference

http://www.kb.cert.org/vuls/id/793496

Impacted products

Name
Quagga Quagga

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3224"
    }
  },
  "description": "Quagga\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005Kunihiro Ishiguro\u6240\u7814\u53d1\u7684\u4e00\u6b3e\u8def\u7531\u8f6f\u4ef6\u5957\u4ef6\u3002\u8be5\u5957\u4ef6\u53ef\u5728\u591a\u79cd\u5e73\u53f0\u4e0a\u5b9e\u73b0OSPFv2\u3001OSPFv3\u3001RIP v1/v2\u7b49\u534f\u8bae\uff0c\u5e76\u63d0\u4f9b\u8def\u7531\u91cd\u5206\u5e03\u3001\u8def\u7531\u6620\u5c04\u7b49\u529f\u80fd\u3002\r\n\r\nQuagga\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684OSPF\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u548c\u66f4\u6539\u8def\u7531\u5668\u7684\u8def\u7531\u9009\u62e9\u8868\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Adi Sosnovich, Orna Grumberg, and Gabi Nakibly",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://en.wikipedia.org/wiki/Open_Shortest_Path_First",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-35374",
  "openTime": "2017-11-29",
  "patchDescription": "Quagga\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005Kunihiro Ishiguro\u6240\u7814\u53d1\u7684\u4e00\u6b3e\u8def\u7531\u8f6f\u4ef6\u5957\u4ef6\u3002\u8be5\u5957\u4ef6\u53ef\u5728\u591a\u79cd\u5e73\u53f0\u4e0a\u5b9e\u73b0OSPFv2\u3001OSPFv3\u3001RIP v1/v2\u7b49\u534f\u8bae\uff0c\u5e76\u63d0\u4f9b\u8def\u7531\u91cd\u5206\u5e03\u3001\u8def\u7531\u6620\u5c04\u7b49\u529f\u80fd\u3002\r\n\r\nQuagga\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684OSPF\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u548c\u66f4\u6539\u8def\u7531\u5668\u7684\u8def\u7531\u9009\u62e9\u8868\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Quagga\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-35374\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Quagga Quagga"
  },
  "referenceLink": "http://www.kb.cert.org/vuls/id/793496",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-22",
  "title": "Quagga\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-35374\uff09"
}

CVE-2017-3224 (GCVE-0-2017-3224)

Vulnerability from cvelistv5 – Published: 2018-07-24 15:00 – Updated: 2024-08-05 14:16

Summary

Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).

Severity ?

No CVSS data available.

CWE

CWE-354

Assigner

certcc

References

URL

Tags

https://www.kb.cert.org/vuls/id/793496

third-party-advisoryx_refsource_CERT-VN

Impacted products

	Vendor	Product	Version
	Open Shortest Path First (OSPF)	Protocol	Unknown: N/A

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#793496",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/793496"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Protocol",
          "vendor": "Open Shortest Path First (OSPF)",
          "versions": [
            {
              "status": "unknown",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2017-07-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a \u0027newer\u0027 LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-354",
              "description": "CWE-354",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-24T14:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#793496",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/793496"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency in affected Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2017-3224",
          "STATE": "PUBLIC",
          "TITLE": "Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency in affected Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Protocol",
                      "version": {
                        "version_data": [
                          {
                            "affected": "?",
                            "version_affected": "?",
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Open Shortest Path First (OSPF)"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a \u0027newer\u0027 LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-354"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#793496",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/793496"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2017-3224",
    "datePublished": "2018-07-24T15:00:00",
    "dateReserved": "2016-12-05T00:00:00",
    "dateUpdated": "2024-08-05T14:16:28.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-35374

CVE-2017-3224 (GCVE-0-2017-3224)

Tags

Sightings

Nomenclature