var-200905-0194
Vulnerability from variot
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. Quagga is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users. Quagga 0.99.11 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
-- Debian GNU/Linux 5.0 alias lenny --
Source archives:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz Size/MD5 checksum: 40070 b72e19ed913b32923cf4ef293c67f71c http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc Size/MD5 checksum: 1651 a8ef80d57fd5a5a5b08c7ccc70e6a179
Architecture independent packages:
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb Size/MD5 checksum: 661226 720947423143cb35eb5c26a0d420066b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb Size/MD5 checksum: 1902736 570becd04ecb3dd8a0581010884928df
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb Size/MD5 checksum: 1748838 f3fcd731d119c422463c36bb4f08be1a
arm architecture (ARM)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb Size/MD5 checksum: 1449222 6b654e2d4e1a4f00169309ebbbd3dbf9
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb Size/MD5 checksum: 1681872 8894106d57df0a3d92bb84f148150c2d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb Size/MD5 checksum: 1606310 80046937a2da8a949a8167f753a583ce
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb Size/MD5 checksum: 1600660 716f61415932929c2f668f99faea448e
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb Size/MD5 checksum: 1715848 995194031d563994b7d77018d8a4ca3e
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb Size/MD5 checksum: 1794568 b1b47e8dae153461f73c98a61c653e1e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb Size/MD5 checksum: 1670342 18f98f0978f510ac18636ca1ccc9dfe7
-- Debian GNU/Linux unstable alias sid --
Fixed in version 0.99.11-2.
Updated packages are available that bring Quagga to version 0.99.12 which provides numerous bugfixes over the previous 0.99.9 version, and also corrects this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
Updated Packages:
Corporate 4.0: 48c1d2504e08d2a26ac6ace2bc01124d corporate/4.0/i586/libquagga0-0.99.12-0.1.20060mlcs4.i586.rpm df93a452f47b8926f65a51231dd11f36 corporate/4.0/i586/libquagga0-devel-0.99.12-0.1.20060mlcs4.i586.rpm d2386e488423fbb81e44cb6dda4de9df corporate/4.0/i586/quagga-0.99.12-0.1.20060mlcs4.i586.rpm d4b9c5e2cec03ce49a76adcfe0e4a42e corporate/4.0/i586/quagga-contrib-0.99.12-0.1.20060mlcs4.i586.rpm 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: afc986d05e0bde73541f0cfe5b147d2c corporate/4.0/x86_64/lib64quagga0-0.99.12-0.1.20060mlcs4.x86_64.rpm 4cc0bec07f2b919abeac75dc06d7f3c0 corporate/4.0/x86_64/lib64quagga0-devel-0.99.12-0.1.20060mlcs4.x86_64.rpm 3d606fef235993483e9a448665e4e377 corporate/4.0/x86_64/quagga-0.99.12-0.1.20060mlcs4.x86_64.rpm f549ced36115d6609ac835c5aca0863d corporate/4.0/x86_64/quagga-contrib-0.99.12-0.1.20060mlcs4.x86_64.rpm 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFKBsjAmqjQ0CJFipgRAkoyAJ4o+uz6I6p3tycZQfB5GbqTsTL5TwCgjJHK lIRHZW4+jB0P4UXMSyVUpxo= =2fxe -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-775-1 May 12, 2009 quagga vulnerability CVE-2009-1572 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.5
Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.2
Ubuntu 8.10: quagga 0.99.9-6ubuntu0.1
Ubuntu 9.04: quagga 0.99.11-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: SUSE Update for Multiple Packages
SECUNIA ADVISORY ID: SA35685
VERIFY ADVISORY: http://secunia.com/advisories/35685/
DESCRIPTION: SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
For more information: SA33338 SA33853 SA33884 SA34035 SA34481 SA34746 SA34797 SA35021 SA35128 SA35216 SA35296 SA35344 SA35422
1) A boundary error exists within the "pg_db_putline()" function in perl-DBD-Pg's dbdimp.c. This can be exploited to cause a heap-based buffer overflow if malicious rows are retrieved from the database using the "pg_getline()" or "getline()" function.
2) A memory leak exists within the function "dequote_bytea()" in perl-DBD-Pg's quote.c, which can be exploited to cause a memory exhaustion.
3) Various integer overflow errors exist within the "pdftops" application. This can be exploited to e.g. cause a crash or potentially execute arbitrary code by printing a specially crafted PDF file.
4) A vulnerability is caused due to an assertion error in bgpd when handling an AS path containing multiple 4 byte AS numbers, which can be exploited to crash to the daemon by advertising specially crafted AS paths.
SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY: SUSE-SR:2009:012: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
OTHER REFERENCES: SA33338: http://secunia.com/advisories/33338/
SA33853: http://secunia.com/advisories/33853/
SA33884: http://secunia.com/advisories/33884/
SA34035: http://secunia.com/advisories/34035/
SA34481: http://secunia.com/advisories/34481/
SA34746: http://secunia.com/advisories/34746/
SA34797: http://secunia.com/advisories/34797/
SA35021: http://secunia.com/advisories/35021/
SA35128: http://secunia.com/advisories/35128/
SA35216: http://secunia.com/advisories/35216/
SA35296: http://secunia.com/advisories/35296/
SA35344: http://secunia.com/advisories/35344/
SA35422: http://secunia.com/advisories/35422/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200905-0194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quagga",
"scope": "lte",
"trust": 1.8,
"vendor": "quagga",
"version": "0.99.11"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.98.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.9"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.96.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.98.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.7"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.98.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.98.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.10"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.8"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.0"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.0"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.6"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.6"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.95"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.6,
"vendor": "quagga",
"version": "0.99.11"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sp2 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sp1 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "suse linux enterprise server rt solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "100"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.11"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.9"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.8"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.7"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.6"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.5"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.4"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.3"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.2"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.1"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.6"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.5"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.3"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.3"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.4"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.3"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.2"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "34817"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002713"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-076"
},
{
"db": "NVD",
"id": "CVE-2009-1572"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.99.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1572"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Caputo",
"sources": [
{
"db": "BID",
"id": "34817"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-076"
}
],
"trust": 0.9
},
"cve": "CVE-2009-1572",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-1572",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-1572",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200905-076",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002713"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-076"
},
{
"db": "NVD",
"id": "CVE-2009-1572"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. Quagga is prone to a remote denial-of-service vulnerability. \nExploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users. \nQuagga 0.99.11 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\n-- Debian GNU/Linux 5.0 alias lenny --\n\nSource archives:\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz\nSize/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz\nSize/MD5 checksum: 40070 b72e19ed913b32923cf4ef293c67f71c\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc\nSize/MD5 checksum: 1651 a8ef80d57fd5a5a5b08c7ccc70e6a179\n\nArchitecture independent packages:\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb\nSize/MD5 checksum: 661226 720947423143cb35eb5c26a0d420066b\n\nalpha architecture (DEC Alpha)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb\nSize/MD5 checksum: 1902736 570becd04ecb3dd8a0581010884928df\n\namd64 architecture (AMD x86_64 (AMD64))\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb\nSize/MD5 checksum: 1748838 f3fcd731d119c422463c36bb4f08be1a\n\narm architecture (ARM)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb\nSize/MD5 checksum: 1449222 6b654e2d4e1a4f00169309ebbbd3dbf9\n\nhppa architecture (HP PA RISC)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb\nSize/MD5 checksum: 1681872 8894106d57df0a3d92bb84f148150c2d\n\ni386 architecture (Intel ia32)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb\nSize/MD5 checksum: 1606310 80046937a2da8a949a8167f753a583ce\n\nmipsel architecture (MIPS (Little Endian))\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb\nSize/MD5 checksum: 1600660 716f61415932929c2f668f99faea448e\n\npowerpc architecture (PowerPC)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb\nSize/MD5 checksum: 1715848 995194031d563994b7d77018d8a4ca3e\n\ns390 architecture (IBM S/390)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb\nSize/MD5 checksum: 1794568 b1b47e8dae153461f73c98a61c653e1e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb\nSize/MD5 checksum: 1670342 18f98f0978f510ac18636ca1ccc9dfe7\n\n-- Debian GNU/Linux unstable alias sid --\n\nFixed in version 0.99.11-2. \n \n Updated packages are available that bring Quagga to version 0.99.12\n which provides numerous bugfixes over the previous 0.99.9 version,\n and also corrects this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572\n _______________________________________________________________________\n\n Updated Packages:\n\n Corporate 4.0:\n 48c1d2504e08d2a26ac6ace2bc01124d corporate/4.0/i586/libquagga0-0.99.12-0.1.20060mlcs4.i586.rpm\n df93a452f47b8926f65a51231dd11f36 corporate/4.0/i586/libquagga0-devel-0.99.12-0.1.20060mlcs4.i586.rpm\n d2386e488423fbb81e44cb6dda4de9df corporate/4.0/i586/quagga-0.99.12-0.1.20060mlcs4.i586.rpm\n d4b9c5e2cec03ce49a76adcfe0e4a42e corporate/4.0/i586/quagga-contrib-0.99.12-0.1.20060mlcs4.i586.rpm \n 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n afc986d05e0bde73541f0cfe5b147d2c corporate/4.0/x86_64/lib64quagga0-0.99.12-0.1.20060mlcs4.x86_64.rpm\n 4cc0bec07f2b919abeac75dc06d7f3c0 corporate/4.0/x86_64/lib64quagga0-devel-0.99.12-0.1.20060mlcs4.x86_64.rpm\n 3d606fef235993483e9a448665e4e377 corporate/4.0/x86_64/quagga-0.99.12-0.1.20060mlcs4.x86_64.rpm\n f549ced36115d6609ac835c5aca0863d corporate/4.0/x86_64/quagga-contrib-0.99.12-0.1.20060mlcs4.x86_64.rpm \n 15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFKBsjAmqjQ0CJFipgRAkoyAJ4o+uz6I6p3tycZQfB5GbqTsTL5TwCgjJHK\nlIRHZW4+jB0P4UXMSyVUpxo=\n=2fxe\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ===========================================================\nUbuntu Security Notice USN-775-1 May 12, 2009\nquagga vulnerability\nCVE-2009-1572\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n quagga 0.99.2-1ubuntu3.5\n\nUbuntu 8.04 LTS:\n quagga 0.99.9-2ubuntu1.2\n\nUbuntu 8.10:\n quagga 0.99.9-6ubuntu0.1\n\nUbuntu 9.04:\n quagga 0.99.11-1ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that the BGP service in Quagga did not correctly\nhandle certain AS paths containing 4-byte ASNs. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nSUSE Update for Multiple Packages\n\nSECUNIA ADVISORY ID:\nSA35685\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35685/\n\nDESCRIPTION:\nSUSE has issued an update for multiple packages. This fixes some\nvulnerabilities, which can be exploited by malicious users to\ndisclose sensitive information, manipulate certain data, and by\nmalicious people to disclose sensitive information, cause a DoS\n(Denial of Service), and potentially compromise a vulnerable system. \n\nFor more information:\nSA33338\nSA33853\nSA33884\nSA34035\nSA34481\nSA34746\nSA34797\nSA35021\nSA35128\nSA35216\nSA35296\nSA35344\nSA35422\n\n1) A boundary error exists within the \"pg_db_putline()\" function in\nperl-DBD-Pg\u0027s dbdimp.c. This can be exploited to cause a heap-based\nbuffer overflow if malicious rows are retrieved from the database\nusing the \"pg_getline()\" or \"getline()\" function. \n\n2) A memory leak exists within the function \"dequote_bytea()\" in\nperl-DBD-Pg\u0027s quote.c, which can be exploited to cause a memory\nexhaustion. \n\n3) Various integer overflow errors exist within the \"pdftops\"\napplication. This can be exploited to e.g. cause a crash or\npotentially execute arbitrary code by printing a specially crafted\nPDF file. \n\n4) A vulnerability is caused due to an assertion error in bgpd when\nhandling an AS path containing multiple 4 byte AS numbers, which can\nbe exploited to crash to the daemon by advertising specially crafted\nAS paths. \n\nSOLUTION:\nApply updated packages via YaST Online Update or the SUSE FTP server. \n\nORIGINAL ADVISORY:\nSUSE-SR:2009:012:\nhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html\n\nOTHER REFERENCES:\nSA33338:\nhttp://secunia.com/advisories/33338/\n\nSA33853:\nhttp://secunia.com/advisories/33853/\n\nSA33884:\nhttp://secunia.com/advisories/33884/\n\nSA34035:\nhttp://secunia.com/advisories/34035/\n\nSA34481:\nhttp://secunia.com/advisories/34481/\n\nSA34746:\nhttp://secunia.com/advisories/34746/\n\nSA34797:\nhttp://secunia.com/advisories/34797/\n\nSA35021:\nhttp://secunia.com/advisories/35021/\n\nSA35128:\nhttp://secunia.com/advisories/35128/\n\nSA35216:\nhttp://secunia.com/advisories/35216/\n\nSA35296:\nhttp://secunia.com/advisories/35296/\n\nSA35344:\nhttp://secunia.com/advisories/35344/\n\nSA35422:\nhttp://secunia.com/advisories/35422/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1572"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002713"
},
{
"db": "BID",
"id": "34817"
},
{
"db": "PACKETSTORM",
"id": "77439"
},
{
"db": "PACKETSTORM",
"id": "77275"
},
{
"db": "PACKETSTORM",
"id": "77391"
},
{
"db": "PACKETSTORM",
"id": "77460"
},
{
"db": "PACKETSTORM",
"id": "77750"
},
{
"db": "PACKETSTORM",
"id": "78953"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-1572",
"trust": 2.9
},
{
"db": "BID",
"id": "34817",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "35061",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34999",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35203",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35685",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/05/01/2",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/05/01/1",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "54200",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1022164",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002713",
"trust": 0.8
},
{
"db": "UBUNTU",
"id": "USN-775-1",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20090501 RE: CVE REQUEST (SORT OF): QUAGGA BGP CRASHER",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20090501 CVE REQUEST (SORT OF): QUAGGA BGP CRASHER",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[QUAGGA-DEV] 20090203 [QUAGGA-DEV 6391] [PATCH] BGP 4-BYTE ASN BUG FIXES",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-1788",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDVSA-2009:109",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2009-5324",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2009-5284",
"trust": 0.6
},
{
"db": "XF",
"id": "50317",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SR:2009:012",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200905-076",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "77439",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77391",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77460",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "77750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "78953",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "34817"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002713"
},
{
"db": "PACKETSTORM",
"id": "77439"
},
{
"db": "PACKETSTORM",
"id": "77275"
},
{
"db": "PACKETSTORM",
"id": "77391"
},
{
"db": "PACKETSTORM",
"id": "77460"
},
{
"db": "PACKETSTORM",
"id": "77750"
},
{
"db": "PACKETSTORM",
"id": "78953"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-076"
},
{
"db": "NVD",
"id": "CVE-2009-1572"
}
]
},
"id": "VAR-200905-0194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1590909
},
"last_update_date": "2022-05-04T07:50:34.944000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Index of /releases/quagga",
"trust": 0.8,
"url": "http://download.savannah.gnu.org/releases/quagga/"
},
{
"title": "Multiple Denial of Service vulnerabilities in Quagga",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002713"
},
{
"db": "NVD",
"id": "CVE-2009-1572"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://marc.info/?l=quagga-dev\u0026m=123364779626078\u0026w=2"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-may/msg01037.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2009/dsa-1788"
},
{
"trust": 1.6,
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311"
},
{
"trust": 1.6,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-may/msg01107.html"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-775-1"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1022164"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/34817"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/54200"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2009/05/01/2"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2009/05/01/1"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:109"
},
{
"trust": 1.6,
"url": "http://thread.gmane.org/gmane.network.quagga.devel/6513"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/35685"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/35203"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/35061"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/34999"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50317"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1572"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1572"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/50317"
},
{
"trust": 0.4,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.3,
"url": "http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/c2b15dbcccedc2ea"
},
{
"trust": 0.3,
"url": "http://www.quagga.net/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_i386.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_sparc.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.2_all.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5.dsc"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2.dsc"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_i386.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.11-1ubuntu0.1_all.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_powerpc.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_sparc.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_i386.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_lpia.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_powerpc.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_lpia.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_amd64.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1.dsc"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_amd64.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1.diff.gz"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.5_all.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-6ubuntu0.1_all.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1.dsc"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5.diff.gz"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.5_sparc.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2_i386.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_powerpc.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.2.diff.gz"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-6ubuntu0.1_amd64.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11.orig.tar.gz"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.11-1ubuntu0.1.diff.gz"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1572"
},
{
"trust": 0.1,
"url": "https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-may/000902.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35061/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34999/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb"
},
{
"trust": 0.1,
"url": "http://lists.debian.org/debian-security-announce/2009/msg00099.html"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35203/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34797/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35296/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34481/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35422/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33853/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35216/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35685/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35021/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33884/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35344/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34746/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33338/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35128/"
}
],
"sources": [
{
"db": "BID",
"id": "34817"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002713"
},
{
"db": "PACKETSTORM",
"id": "77439"
},
{
"db": "PACKETSTORM",
"id": "77275"
},
{
"db": "PACKETSTORM",
"id": "77391"
},
{
"db": "PACKETSTORM",
"id": "77460"
},
{
"db": "PACKETSTORM",
"id": "77750"
},
{
"db": "PACKETSTORM",
"id": "78953"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-076"
},
{
"db": "NVD",
"id": "CVE-2009-1572"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "34817"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002713"
},
{
"db": "PACKETSTORM",
"id": "77439"
},
{
"db": "PACKETSTORM",
"id": "77275"
},
{
"db": "PACKETSTORM",
"id": "77391"
},
{
"db": "PACKETSTORM",
"id": "77460"
},
{
"db": "PACKETSTORM",
"id": "77750"
},
{
"db": "PACKETSTORM",
"id": "78953"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-076"
},
{
"db": "NVD",
"id": "CVE-2009-1572"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-30T00:00:00",
"db": "BID",
"id": "34817"
},
{
"date": "2012-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002713"
},
{
"date": "2009-05-13T07:18:17",
"db": "PACKETSTORM",
"id": "77439"
},
{
"date": "2009-05-05T14:42:57",
"db": "PACKETSTORM",
"id": "77275"
},
{
"date": "2009-05-11T03:05:32",
"db": "PACKETSTORM",
"id": "77391"
},
{
"date": "2009-05-13T16:52:18",
"db": "PACKETSTORM",
"id": "77460"
},
{
"date": "2009-05-24T05:47:14",
"db": "PACKETSTORM",
"id": "77750"
},
{
"date": "2009-07-06T14:42:32",
"db": "PACKETSTORM",
"id": "78953"
},
{
"date": "2009-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200905-076"
},
{
"date": "2009-05-06T17:30:00",
"db": "NVD",
"id": "CVE-2009-1572"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T21:21:00",
"db": "BID",
"id": "34817"
},
{
"date": "2012-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002713"
},
{
"date": "2009-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200905-076"
},
{
"date": "2017-08-17T01:30:00",
"db": "NVD",
"id": "CVE-2009-1572"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "77391"
},
{
"db": "PACKETSTORM",
"id": "77460"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-076"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quagga of BGP Service disruption in daemon ( crash ) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002713"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-076"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.