var-201009-0230
Vulnerability from variot
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. Quagga is a routing software suite that implements multiple routing protocols on Unix platforms. Quagga's bgpd daemon has a null pointer reference vulnerability when parsing the AS path. The configured BGP peer can send a BGP update request with an unknown AS type causing the daemon to crash. Quagga is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference in the Border Gateway Protocol daemon (bgpd). Versions prior to Quagga 0.99.17 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-02
http://security.gentoo.org/
Severity: High Title: Quagga: Multiple vulnerabilities Date: February 21, 2012 Bugs: #334303, #359903, #384651 ID: 201202-02
Synopsis
Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code.
Background
Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 0.99.20 >= 0.99.20
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20 "
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674 [ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675 [ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948 [ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949 [ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323 [ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324 [ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325 [ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326 [ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2104-1 security@debian.org http://www.debian.org/security/ Florian Weimer September 06, 2010 http://www.debian.org/security/faq
Package : quagga Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-2948 CVE-2010-2949 Debian Bug : 594262
Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon. In some configurations, such crafted AS paths could be relayed by intermediate BGP routers.
In addition, this update contains a reliability fix: Quagga will no longer advertise confederation-related AS paths to non-confederation peers, and reject unexpected confederation-related AS paths by resetting the session with the BGP peer which is advertising them. (Previously, such AS paths would trigger resets of unrelated BGP sessions.)
For the stable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny3.
For the unstable distribution (sid) and the testing distribution (squeeze), these problems have been fixed in version 0.99.17-1.
We recommend that you upgrade your quagga package.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Source archives:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.diff.gz Size/MD5 checksum: 42826 100dbb936b3b0f0d4fb4947bf384d369 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.dsc Size/MD5 checksum: 1651 f5b9c26538e9d32008ad0256fe4ad0ed
Architecture independent packages:
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny3_all.deb Size/MD5 checksum: 661354 f843c6f765a48f7e071a52d3c7834d2f
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_alpha.deb Size/MD5 checksum: 1902990 0f85c30d5f719f9c104f5a8977a5d1a0
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_amd64.deb Size/MD5 checksum: 1749952 89a53689c4daf3f0695ea2c21aa93254
arm architecture (ARM)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_arm.deb Size/MD5 checksum: 1449792 3c53e06e4d27ef8cf391533824668b19
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_armel.deb Size/MD5 checksum: 1457202 e52ae364e20ff137c5e0e5f75bfc1ec1
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_hppa.deb Size/MD5 checksum: 1683924 c8172ed22b010569949977f407c282b6
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_i386.deb Size/MD5 checksum: 1608678 e7b5fbd36e4466cdecaca46f1f96642b
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_ia64.deb Size/MD5 checksum: 2256144 75ebe4e12a3e22ef79e5e3dab2d457bf
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mips.deb Size/MD5 checksum: 1605990 f33ef3d9b31f0da900aba6a20bdd188d
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mipsel.deb Size/MD5 checksum: 1601240 68ff751ff9c022cc06db8d0d66895a6e
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_powerpc.deb Size/MD5 checksum: 1717802 931505a31bdcc1a7732a9a2e9f295a01
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_s390.deb Size/MD5 checksum: 1794990 7d52667f3f37553256e87b77450dc309
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_sparc.deb Size/MD5 checksum: 1671232 3706818c39b51bb45c58a0cf8fdba202
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
iQEcBAEBAgAGBQJMhUEPAAoJEL97/wQC1SS+dwMH/2tsjv3eQBHu3jvm+jMB7Dr1 6uRIi/1/DgaaRmVSD41quWSYoww374pkwZ5xjUVZqOQY1N6Y34avnwjN7FsSg8no H0Os4uioep8/IKzhse0EyeDZcmm2j8E41j3UZ+aANqWOssGa0MNddj846K3NDw2j dRuKUUy4JK8iRSwBLUaXqydAPI2ZjdXVH0Yy/3l51f2Aerm7N565f1ifUh38C6Y0 IR5BdiA1C6jzV+826VrZaj10cKAPg/Qm31mrNiZMBcVpi2sBJ+zQ8P/G3j7CpEdr sITi5UiULGAp+3cGvtPzZDtBxfkLLpVIpNgRPiSHhA+PTjG60HHvPK43OZkPdSY= =HP/T -----END PGP SIGNATURE----- .
Updated packages are available that bring Quagga to version 0.99.17 which provides numerous bugfixes over the previous 0.99.12 version, and also corrects these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2949
Updated Packages:
Corporate 4.0: 982061c8bac57d5878a2dbd9747234f4 corporate/4.0/i586/libquagga0-0.99.17-0.1.20060mlcs4.i586.rpm 53b1e909e046539dcfd55f9b1f62e7ea corporate/4.0/i586/libquagga0-devel-0.99.17-0.1.20060mlcs4.i586.rpm 796ef3f10f793f6546ce6a0525082fa5 corporate/4.0/i586/quagga-0.99.17-0.1.20060mlcs4.i586.rpm 423c4032225687b252ddb3887db1f226 corporate/4.0/i586/quagga-contrib-0.99.17-0.1.20060mlcs4.i586.rpm 9f63365fc185a7bdf930a80cb6615c7d corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 9b36814efd0751aa81e38baec0d2bae6 corporate/4.0/x86_64/lib64quagga0-0.99.17-0.1.20060mlcs4.x86_64.rpm 64ab6ba845a97236ffd2898e0aef892d corporate/4.0/x86_64/lib64quagga0-devel-0.99.17-0.1.20060mlcs4.x86_64.rpm 7d259ae75e30e1d172e340cc232d1ff2 corporate/4.0/x86_64/quagga-0.99.17-0.1.20060mlcs4.x86_64.rpm 2f3390db2bae0e0d505ec759e0a15232 corporate/4.0/x86_64/quagga-contrib-0.99.17-0.1.20060mlcs4.x86_64.rpm 9f63365fc185a7bdf930a80cb6615c7d corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFMi592mqjQ0CJFipgRAoHFAJ0XDJVqB+SJmOHZ0hrPlMgjTMYeNgCgwxRw AMo+uyGwHeG+uyLmOzKKMOs= =ahfH -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-1027-1 December 07, 2010 quagga vulnerabilities CVE-2010-2948, CVE-2010-2949 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.7
Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.4
Ubuntu 9.10: quagga 0.99.13-1ubuntu0.1
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Quagga incorrectly handled certain Outbound Route Filtering (ORF) records. The default compiler options for Ubuntu 8.04 LTS and later should reduce the vulnerability to a denial of service. (CVE-2010-2948)
It was discovered that Quagga incorrectly parsed certain AS paths
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201009-0230",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.7"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.10"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.9"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.11"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.6"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.99.8"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.5"
},
{
"model": "quagga",
"scope": "lte",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.16"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.12"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.13"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.14"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.0"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.99.15"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.0"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.6"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.97.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.95"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.98.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.2"
},
{
"model": "quagga",
"scope": "lt",
"trust": 0.8,
"vendor": "quagga",
"version": "0.99.17"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "routing software suite",
"scope": "lt",
"trust": 0.6,
"vendor": "quagga",
"version": "0.99.17"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"model": "hat enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.16"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.15"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "routing software suite",
"scope": "ne",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.17"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1779"
},
{
"db": "BID",
"id": "42642"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-094"
},
{
"db": "NVD",
"id": "CVE-2010-2949"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.99.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2949"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Hall",
"sources": [
{
"db": "BID",
"id": "42642"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-094"
}
],
"trust": 0.9
},
"cve": "CVE-2010-2949",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-2949",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-2949",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201009-094",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-094"
},
{
"db": "NVD",
"id": "CVE-2010-2949"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. Quagga is a routing software suite that implements multiple routing protocols on Unix platforms. Quagga\u0027s bgpd daemon has a null pointer reference vulnerability when parsing the AS path. The configured BGP peer can send a BGP update request with an unknown AS type causing the daemon to crash. Quagga is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference in the Border Gateway Protocol daemon (bgpd). \nVersions prior to Quagga 0.99.17 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201202-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Quagga: Multiple vulnerabilities\n Date: February 21, 2012\n Bugs: #334303, #359903, #384651\n ID: 201202-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Quagga, the worst of which\nleading to remote execution of arbitrary code. \n\nBackground\n==========\n\nQuagga is a free routing daemon replacing Zebra supporting RIP, OSPF\nand BGP. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 0.99.20 \u003e= 0.99.20\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Quagga. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.99.20 \"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1674\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674\n[ 2 ] CVE-2010-1675\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675\n[ 3 ] CVE-2010-2948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948\n[ 4 ] CVE-2010-2949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949\n[ 5 ] CVE-2011-3323\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323\n[ 6 ] CVE-2011-3324\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324\n[ 7 ] CVE-2011-3325\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325\n[ 8 ] CVE-2011-3326\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326\n[ 9 ] CVE-2011-3327\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201202-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2104-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nSeptember 06, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : quagga\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-2948 CVE-2010-2949\nDebian Bug : 594262\n\nSeveral remote vulnerabilities have been discovered in the BGP\nimplementation of Quagga, a routing daemon. In some configurations, such crafted AS paths could\n\tbe relayed by intermediate BGP routers. \n\nIn addition, this update contains a reliability fix: Quagga will no\nlonger advertise confederation-related AS paths to non-confederation\npeers, and reject unexpected confederation-related AS paths by\nresetting the session with the BGP peer which is advertising them. \n(Previously, such AS paths would trigger resets of unrelated BGP\nsessions.)\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.99.10-1lenny3. \n\nFor the unstable distribution (sid) and the testing distribution\n(squeeze), these problems have been fixed in version 0.99.17-1. \n\nWe recommend that you upgrade your quagga package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz\n Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.diff.gz\n Size/MD5 checksum: 42826 100dbb936b3b0f0d4fb4947bf384d369\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.dsc\n Size/MD5 checksum: 1651 f5b9c26538e9d32008ad0256fe4ad0ed\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny3_all.deb\n Size/MD5 checksum: 661354 f843c6f765a48f7e071a52d3c7834d2f\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_alpha.deb\n Size/MD5 checksum: 1902990 0f85c30d5f719f9c104f5a8977a5d1a0\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_amd64.deb\n Size/MD5 checksum: 1749952 89a53689c4daf3f0695ea2c21aa93254\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_arm.deb\n Size/MD5 checksum: 1449792 3c53e06e4d27ef8cf391533824668b19\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_armel.deb\n Size/MD5 checksum: 1457202 e52ae364e20ff137c5e0e5f75bfc1ec1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_hppa.deb\n Size/MD5 checksum: 1683924 c8172ed22b010569949977f407c282b6\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_i386.deb\n Size/MD5 checksum: 1608678 e7b5fbd36e4466cdecaca46f1f96642b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_ia64.deb\n Size/MD5 checksum: 2256144 75ebe4e12a3e22ef79e5e3dab2d457bf\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mips.deb\n Size/MD5 checksum: 1605990 f33ef3d9b31f0da900aba6a20bdd188d\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mipsel.deb\n Size/MD5 checksum: 1601240 68ff751ff9c022cc06db8d0d66895a6e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_powerpc.deb\n Size/MD5 checksum: 1717802 931505a31bdcc1a7732a9a2e9f295a01\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_s390.deb\n Size/MD5 checksum: 1794990 7d52667f3f37553256e87b77450dc309\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_sparc.deb\n Size/MD5 checksum: 1671232 3706818c39b51bb45c58a0cf8fdba202\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJMhUEPAAoJEL97/wQC1SS+dwMH/2tsjv3eQBHu3jvm+jMB7Dr1\n6uRIi/1/DgaaRmVSD41quWSYoww374pkwZ5xjUVZqOQY1N6Y34avnwjN7FsSg8no\nH0Os4uioep8/IKzhse0EyeDZcmm2j8E41j3UZ+aANqWOssGa0MNddj846K3NDw2j\ndRuKUUy4JK8iRSwBLUaXqydAPI2ZjdXVH0Yy/3l51f2Aerm7N565f1ifUh38C6Y0\nIR5BdiA1C6jzV+826VrZaj10cKAPg/Qm31mrNiZMBcVpi2sBJ+zQ8P/G3j7CpEdr\nsITi5UiULGAp+3cGvtPzZDtBxfkLLpVIpNgRPiSHhA+PTjG60HHvPK43OZkPdSY=\n=HP/T\n-----END PGP SIGNATURE-----\n. \n \n Updated packages are available that bring Quagga to version 0.99.17\n which provides numerous bugfixes over the previous 0.99.12 version,\n and also corrects these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2948\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2949\n _______________________________________________________________________\n\n Updated Packages:\n\n Corporate 4.0:\n 982061c8bac57d5878a2dbd9747234f4 corporate/4.0/i586/libquagga0-0.99.17-0.1.20060mlcs4.i586.rpm\n 53b1e909e046539dcfd55f9b1f62e7ea corporate/4.0/i586/libquagga0-devel-0.99.17-0.1.20060mlcs4.i586.rpm\n 796ef3f10f793f6546ce6a0525082fa5 corporate/4.0/i586/quagga-0.99.17-0.1.20060mlcs4.i586.rpm\n 423c4032225687b252ddb3887db1f226 corporate/4.0/i586/quagga-contrib-0.99.17-0.1.20060mlcs4.i586.rpm \n 9f63365fc185a7bdf930a80cb6615c7d corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 9b36814efd0751aa81e38baec0d2bae6 corporate/4.0/x86_64/lib64quagga0-0.99.17-0.1.20060mlcs4.x86_64.rpm\n 64ab6ba845a97236ffd2898e0aef892d corporate/4.0/x86_64/lib64quagga0-devel-0.99.17-0.1.20060mlcs4.x86_64.rpm\n 7d259ae75e30e1d172e340cc232d1ff2 corporate/4.0/x86_64/quagga-0.99.17-0.1.20060mlcs4.x86_64.rpm\n 2f3390db2bae0e0d505ec759e0a15232 corporate/4.0/x86_64/quagga-contrib-0.99.17-0.1.20060mlcs4.x86_64.rpm \n 9f63365fc185a7bdf930a80cb6615c7d corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFMi592mqjQ0CJFipgRAoHFAJ0XDJVqB+SJmOHZ0hrPlMgjTMYeNgCgwxRw\nAMo+uyGwHeG+uyLmOzKKMOs=\n=ahfH\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ===========================================================\nUbuntu Security Notice USN-1027-1 December 07, 2010\nquagga vulnerabilities\nCVE-2010-2948, CVE-2010-2949\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.10\nUbuntu 10.04 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n quagga 0.99.2-1ubuntu3.7\n\nUbuntu 8.04 LTS:\n quagga 0.99.9-2ubuntu1.4\n\nUbuntu 9.10:\n quagga 0.99.13-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n quagga 0.99.15-1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nDetails follow:\n\nIt was discovered that Quagga incorrectly handled certain Outbound Route\nFiltering (ORF) records. \nThe default compiler options for Ubuntu 8.04 LTS and later should reduce\nthe vulnerability to a denial of service. (CVE-2010-2948)\n\nIt was discovered that Quagga incorrectly parsed certain AS paths",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2949"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"db": "CNVD",
"id": "CNVD-2010-1779"
},
{
"db": "BID",
"id": "42642"
},
{
"db": "PACKETSTORM",
"id": "110033"
},
{
"db": "PACKETSTORM",
"id": "93585"
},
{
"db": "PACKETSTORM",
"id": "93746"
},
{
"db": "PACKETSTORM",
"id": "96482"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2949",
"trust": 3.7
},
{
"db": "SECUNIA",
"id": "41038",
"trust": 3.0
},
{
"db": "BID",
"id": "42642",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "42446",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2010-3124",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2010-2304",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2010-3097",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "48106",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "42397",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "41238",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "42498",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2010/08/25/4",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2010/08/24/3",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002551",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-1779",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201009-094",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "110033",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "93585",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "93746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96482",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1779"
},
{
"db": "BID",
"id": "42642"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"db": "PACKETSTORM",
"id": "110033"
},
{
"db": "PACKETSTORM",
"id": "93585"
},
{
"db": "PACKETSTORM",
"id": "93746"
},
{
"db": "PACKETSTORM",
"id": "96482"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-094"
},
{
"db": "NVD",
"id": "CVE-2010-2949"
}
]
},
"id": "VAR-201009-0230",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1779"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1779"
}
]
},
"last_update_date": "2024-07-23T22:12:06.629000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "bgpd: fix handling of AS path data",
"trust": 0.8,
"url": "http://code.quagga.net/?p=quagga.git;a=commit;h=cddb8112b80fa9867156c637d63e6e79eeac67bb"
},
{
"title": "Index of /releases/quagga",
"trust": 0.8,
"url": "http://download.savannah.gnu.org/releases/quagga/"
},
{
"title": "RHSA-2010:0945",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2010-0945.html"
},
{
"title": "Multiple Denial of Service vulnerabilities in Quagga",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities4"
},
{
"title": "Quagga bgpd null pointer reference denial of service patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/919"
},
{
"title": "quagga-0.99.17.tar",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=34542"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1779"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"db": "NVD",
"id": "CVE-2010-2949"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/41038"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/42446"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/42642"
},
{
"trust": 2.4,
"url": "http://www.vupen.com/english/advisories/2010/3124"
},
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=626795"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-201202-02.xml"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2010/dsa-2104"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/48106"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/4"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/42397"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/2304"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/42498"
},
{
"trust": 1.6,
"url": "http://code.quagga.net/?p=quagga.git%3ba=commit%3bh=cddb8112b80fa9867156c637d63e6e79eeac67bb"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/3"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0945.html"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-1027-1"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/41238"
},
{
"trust": 1.6,
"url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:174"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2949"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2949"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/41038/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949"
},
{
"trust": 0.3,
"url": "http://permalink.gmane.org/gmane.comp.security.oss.general/3347"
},
{
"trust": 0.3,
"url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19#id1282241100"
},
{
"trust": 0.3,
"url": "http://www.quagga.net/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_s390.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mips.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2948"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.13-1ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.15-1ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.7_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15.orig.tar.gz"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1779"
},
{
"db": "BID",
"id": "42642"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"db": "PACKETSTORM",
"id": "110033"
},
{
"db": "PACKETSTORM",
"id": "93585"
},
{
"db": "PACKETSTORM",
"id": "93746"
},
{
"db": "PACKETSTORM",
"id": "96482"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-094"
},
{
"db": "NVD",
"id": "CVE-2010-2949"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-1779"
},
{
"db": "BID",
"id": "42642"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"db": "PACKETSTORM",
"id": "110033"
},
{
"db": "PACKETSTORM",
"id": "93585"
},
{
"db": "PACKETSTORM",
"id": "93746"
},
{
"db": "PACKETSTORM",
"id": "96482"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-094"
},
{
"db": "NVD",
"id": "CVE-2010-2949"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1779"
},
{
"date": "2010-08-24T00:00:00",
"db": "BID",
"id": "42642"
},
{
"date": "2010-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"date": "2012-02-22T02:10:03",
"db": "PACKETSTORM",
"id": "110033"
},
{
"date": "2010-09-08T03:57:17",
"db": "PACKETSTORM",
"id": "93585"
},
{
"date": "2010-09-11T19:28:36",
"db": "PACKETSTORM",
"id": "93746"
},
{
"date": "2010-12-08T19:17:16",
"db": "PACKETSTORM",
"id": "96482"
},
{
"date": "2010-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-094"
},
{
"date": "2010-09-10T19:00:02.597000",
"db": "NVD",
"id": "CVE-2010-2949"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1779"
},
{
"date": "2013-07-18T18:23:00",
"db": "BID",
"id": "42642"
},
{
"date": "2012-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002551"
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-094"
},
{
"date": "2023-02-13T04:21:24.037000",
"db": "NVD",
"id": "CVE-2010-2949"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "110033"
},
{
"db": "PACKETSTORM",
"id": "93585"
},
{
"db": "PACKETSTORM",
"id": "93746"
},
{
"db": "PACKETSTORM",
"id": "96482"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-094"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quagga of bgpd Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002551"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201009-094"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.