var-201802-1049
Vulnerability from variot
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. Quagga bgpd Contains several vulnerabilities: * Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543) * Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114) * Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550) * Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975) Detail is Information provided by the developer Please refer to.The expected impact depends on each vulnerability, but remote code execution, information leakage, service operation interruption by a remote third party (DoS) An attack could be made. Quagga is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to Quagga 1.2.3 are vulnerable. A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface).
https://www.quagga.net/security/Quagga-2018-1975.txt
For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5.
For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2.
We recommend that you upgrade your quagga packages.
For the detailed security status of quagga please refer to its security tracker page at: https://security-tracker.debian.org/tracker/quagga
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqGBaVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RpyRAAhVpntFw+LSUUzL2/cx7m+s4fHijhOkU/AjKKmW4a9rAi0iJYW4HNv5BU cKfz6yhngFUzCa+Glhmiwzt77eAoeksJSvxkKio5CTqjV3OxCWbDPPz/iRRHcKvK MGhnqyShMCF8boQU0plmqNbfhnSWNAObbaI2fPmjLOU4A4jPY1T/fbzu4Sd3k5qY ETeHq9+HlVdGnyNEoYnoO0XQH56ueNHy3VlChJ0S2OPtFtoKXkjM/er+yG6413+G 3e90tcbm2xlitmrTyZm9K/Q08UWLJx510n1rxehaO1DTEz+bqSNezySOhyNb8sTA fuadDpgs2ozwgSmxyuWFj0RL3fKvgycw1ZeNiS5nUmRJTobrPlnjyX+A8FEJhPuI 9xyVa8j6wUeBVZdgd9b/EWLQ1Z9oDRiXmHRJeVOtz4JRNPP1KLtBcsPxFW9eCp83 9gFMqk/vMYQSpRqtQdnl5OawEpeurMtusBsnlEV5y9afiHU9jKB8N7RPwxCJgtjP /jmhS4lOvn3F5lNILahaL3lrk/b0EsECajBltbN9YVU0yabWWRWSMrJ3ujamhaXE aUQKmVj1alwDyg90vToiUftdr3R0hPPFuzA0BAK55SJVzjwJ2XInzItr+2y1tMPn dSpd32tzrxpDm86rvmRIiAJbj28n7QnX9I9BlKZqWq2fUUhTkNg= =Gy8j -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: quagga security update Advisory ID: RHSA-2018:0377-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0377 Issue date: 2018-02-28 CVE Names: CVE-2018-5379 =====================================================================
- Summary:
An update for quagga is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le
- Description:
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.
Security Fix(es):
- quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code (CVE-2018-5379)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Quagga project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the bgpd daemon must be restarted for the update to take effect.
- Package List:
Red Hat Enterprise Linux Server (v. 7):
Source: quagga-0.99.22.4-5.el7_4.src.rpm
ppc64: quagga-0.99.22.4-5.el7_4.ppc.rpm quagga-0.99.22.4-5.el7_4.ppc64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64.rpm
ppc64le: quagga-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm
s390x: quagga-0.99.22.4-5.el7_4.s390.rpm quagga-0.99.22.4-5.el7_4.s390x.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390x.rpm
x86_64: quagga-0.99.22.4-5.el7_4.i686.rpm quagga-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: quagga-0.99.22.4-5.el7_4.src.rpm
aarch64: quagga-0.99.22.4-5.el7_4.aarch64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.aarch64.rpm
ppc64le: quagga-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: quagga-contrib-0.99.22.4-5.el7_4.ppc64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64.rpm quagga-devel-0.99.22.4-5.el7_4.ppc.rpm quagga-devel-0.99.22.4-5.el7_4.ppc64.rpm
ppc64le: quagga-contrib-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm quagga-devel-0.99.22.4-5.el7_4.ppc64le.rpm
s390x: quagga-contrib-0.99.22.4-5.el7_4.s390x.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390x.rpm quagga-devel-0.99.22.4-5.el7_4.s390.rpm quagga-devel-0.99.22.4-5.el7_4.s390x.rpm
x86_64: quagga-contrib-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm quagga-devel-0.99.22.4-5.el7_4.i686.rpm quagga-devel-0.99.22.4-5.el7_4.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: quagga-contrib-0.99.22.4-5.el7_4.aarch64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.aarch64.rpm quagga-devel-0.99.22.4-5.el7_4.aarch64.rpm
ppc64le: quagga-contrib-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm quagga-devel-0.99.22.4-5.el7_4.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: quagga-0.99.22.4-5.el7_4.src.rpm
x86_64: quagga-0.99.22.4-5.el7_4.i686.rpm quagga-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: quagga-contrib-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm quagga-devel-0.99.22.4-5.el7_4.i686.rpm quagga-devel-0.99.22.4-5.el7_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-5379 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFalvS5XlSAg2UNWIIRAt2VAJoDHq+b03wv2cXdpBivxT/zOAniAQCgkE2/ WD9+DkKEg1eZpmyT0FyyN8s= =NOHT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201804-17
https://security.gentoo.org/
Severity: High Title: Quagga: Multiple vulnerabilities Date: April 22, 2018 Bugs: #647788 ID: 201804-17
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 1.2.4 >= 1.2.4
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-1.2.4"
References
[ 1 ] CVE-2018-5378 https://nvd.nist.gov/vuln/detail/CVE-2018-5378 [ 2 ] CVE-2018-5379 https://nvd.nist.gov/vuln/detail/CVE-2018-5379 [ 3 ] CVE-2018-5380 https://nvd.nist.gov/vuln/detail/CVE-2018-5380 [ 4 ] CVE-2018-5381 https://nvd.nist.gov/vuln/detail/CVE-2018-5381
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201804-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3573-1 February 16, 2018
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Quagga. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. This issue only affected Ubuntu 17.10. (CVE-2018-5378)
It was discovered that a table overrun vulnerability existed in the Quagga BGP daemon. (CVE-2018-5380)
It was discovered that the Quagga BGP daemon in some configurations did not properly handle invalid OPEN messages. (CVE-2018-5381)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: quagga 1.1.1-3ubuntu0.2 quagga-bgpd 1.1.1-3ubuntu0.2
Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.4
Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.5
After a standard system update you need to restart Quagga to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "ruggedcom rox ii",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.13.0"
},
{
"model": "quagga",
"scope": "lte",
"trust": 1.0,
"vendor": "quagga",
"version": "1.2.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": "quagga",
"scope": "lt",
"trust": 0.8,
"vendor": "quagga",
"version": "1.2.3 earlier"
},
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.9"
},
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.12"
},
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.11"
},
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.10"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.2.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.2.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.1.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.0.20160309"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.24"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.22"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.21"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.17"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.16"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.15"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.14"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.13"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.12"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.11"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.10"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.9"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.8"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.7"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.6"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.6"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.0.20161017"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.0"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.24.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.22.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.22.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.22.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.20.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.20"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.19"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.18"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.95"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.93"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "ruggedcom rox ii",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.13"
},
{
"model": "quagga",
"scope": "ne",
"trust": 0.3,
"vendor": "quagga",
"version": "1.2.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "BID",
"id": "103105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "NVD",
"id": "CVE-2018-5379"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5379"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
],
"trust": 0.6
},
"cve": "CVE-2018-5379",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-001492",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5379",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-001492",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5379",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cret@cert.org",
"id": "CVE-2018-5379",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-001492",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-829",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-5379",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "NVD",
"id": "CVE-2018-5379"
},
{
"db": "NVD",
"id": "CVE-2018-5379"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. Quagga bgpd Contains several vulnerabilities: * Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543) * Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114) * Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550) * Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975) Detail is \u003ca href=\"https://savannah.nongnu.org/forum/forum.php?forum_id=9095\"target=\"blank\"\u003e Information provided by the developer \u003c/a\u003e Please refer to.The expected impact depends on each vulnerability, but remote code execution, information leakage, service operation interruption by a remote third party (DoS) An attack could be made. Quagga is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. \nVersions prior to Quagga 1.2.3 are vulnerable. \n A configured peer can take advantage of this flaw to cause a denial\n of service (bgpd daemon not responding to any other events; BGP\n sessions will drop and not be reestablished; unresponsive CLI\n interface). \n\n https://www.quagga.net/security/Quagga-2018-1975.txt\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 0.99.23.1-1+deb8u5. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.1-3+deb9u2. \n\nWe recommend that you upgrade your quagga packages. \n\nFor the detailed security status of quagga please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/quagga\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqGBaVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RpyRAAhVpntFw+LSUUzL2/cx7m+s4fHijhOkU/AjKKmW4a9rAi0iJYW4HNv5BU\ncKfz6yhngFUzCa+Glhmiwzt77eAoeksJSvxkKio5CTqjV3OxCWbDPPz/iRRHcKvK\nMGhnqyShMCF8boQU0plmqNbfhnSWNAObbaI2fPmjLOU4A4jPY1T/fbzu4Sd3k5qY\nETeHq9+HlVdGnyNEoYnoO0XQH56ueNHy3VlChJ0S2OPtFtoKXkjM/er+yG6413+G\n3e90tcbm2xlitmrTyZm9K/Q08UWLJx510n1rxehaO1DTEz+bqSNezySOhyNb8sTA\nfuadDpgs2ozwgSmxyuWFj0RL3fKvgycw1ZeNiS5nUmRJTobrPlnjyX+A8FEJhPuI\n9xyVa8j6wUeBVZdgd9b/EWLQ1Z9oDRiXmHRJeVOtz4JRNPP1KLtBcsPxFW9eCp83\n9gFMqk/vMYQSpRqtQdnl5OawEpeurMtusBsnlEV5y9afiHU9jKB8N7RPwxCJgtjP\n/jmhS4lOvn3F5lNILahaL3lrk/b0EsECajBltbN9YVU0yabWWRWSMrJ3ujamhaXE\naUQKmVj1alwDyg90vToiUftdr3R0hPPFuzA0BAK55SJVzjwJ2XInzItr+2y1tMPn\ndSpd32tzrxpDm86rvmRIiAJbj28n7QnX9I9BlKZqWq2fUUhTkNg=\n=Gy8j\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: quagga security update\nAdvisory ID: RHSA-2018:0377-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:0377\nIssue date: 2018-02-28\nCVE Names: CVE-2018-5379 \n=====================================================================\n\n1. Summary:\n\nAn update for quagga is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le\n\n3. Description:\n\nThe quagga packages contain Quagga, the free network-routing software suite\nthat manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+,\nOSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be\nused as a Route Server and Route Reflector. \n\nSecurity Fix(es):\n\n* quagga: Double free vulnerability in bgpd when processing certain forms\nof UPDATE message allowing to crash or potentially execute arbitrary code\n(CVE-2018-5379)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Quagga project for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the bgpd daemon must be restarted\nfor the update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nquagga-0.99.22.4-5.el7_4.src.rpm\n\nppc64:\nquagga-0.99.22.4-5.el7_4.ppc.rpm\nquagga-0.99.22.4-5.el7_4.ppc64.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.ppc.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.ppc64.rpm\n\nppc64le:\nquagga-0.99.22.4-5.el7_4.ppc64le.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm\n\ns390x:\nquagga-0.99.22.4-5.el7_4.s390.rpm\nquagga-0.99.22.4-5.el7_4.s390x.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.s390.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.s390x.rpm\n\nx86_64:\nquagga-0.99.22.4-5.el7_4.i686.rpm\nquagga-0.99.22.4-5.el7_4.x86_64.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nquagga-0.99.22.4-5.el7_4.src.rpm\n\naarch64:\nquagga-0.99.22.4-5.el7_4.aarch64.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.aarch64.rpm\n\nppc64le:\nquagga-0.99.22.4-5.el7_4.ppc64le.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nquagga-contrib-0.99.22.4-5.el7_4.ppc64.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.ppc.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.ppc64.rpm\nquagga-devel-0.99.22.4-5.el7_4.ppc.rpm\nquagga-devel-0.99.22.4-5.el7_4.ppc64.rpm\n\nppc64le:\nquagga-contrib-0.99.22.4-5.el7_4.ppc64le.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm\nquagga-devel-0.99.22.4-5.el7_4.ppc64le.rpm\n\ns390x:\nquagga-contrib-0.99.22.4-5.el7_4.s390x.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.s390.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.s390x.rpm\nquagga-devel-0.99.22.4-5.el7_4.s390.rpm\nquagga-devel-0.99.22.4-5.el7_4.s390x.rpm\n\nx86_64:\nquagga-contrib-0.99.22.4-5.el7_4.x86_64.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm\nquagga-devel-0.99.22.4-5.el7_4.i686.rpm\nquagga-devel-0.99.22.4-5.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nquagga-contrib-0.99.22.4-5.el7_4.aarch64.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.aarch64.rpm\nquagga-devel-0.99.22.4-5.el7_4.aarch64.rpm\n\nppc64le:\nquagga-contrib-0.99.22.4-5.el7_4.ppc64le.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm\nquagga-devel-0.99.22.4-5.el7_4.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nquagga-0.99.22.4-5.el7_4.src.rpm\n\nx86_64:\nquagga-0.99.22.4-5.el7_4.i686.rpm\nquagga-0.99.22.4-5.el7_4.x86_64.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nquagga-contrib-0.99.22.4-5.el7_4.x86_64.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm\nquagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm\nquagga-devel-0.99.22.4-5.el7_4.i686.rpm\nquagga-devel-0.99.22.4-5.el7_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-5379\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFalvS5XlSAg2UNWIIRAt2VAJoDHq+b03wv2cXdpBivxT/zOAniAQCgkE2/\nWD9+DkKEg1eZpmyT0FyyN8s=\n=NOHT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201804-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Quagga: Multiple vulnerabilities\n Date: April 22, 2018\n Bugs: #647788\n ID: 201804-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Quagga, the worst of which\ncould allow remote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 1.2.4 \u003e= 1.2.4 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Quagga. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-1.2.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-5378\n https://nvd.nist.gov/vuln/detail/CVE-2018-5378\n[ 2 ] CVE-2018-5379\n https://nvd.nist.gov/vuln/detail/CVE-2018-5379\n[ 3 ] CVE-2018-5380\n https://nvd.nist.gov/vuln/detail/CVE-2018-5380\n[ 4 ] CVE-2018-5381\n https://nvd.nist.gov/vuln/detail/CVE-2018-5381\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201804-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3573-1\nFebruary 16, 2018\n\nquagga vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Quagga. (CVE-2018-5379)\n\nIt was discovered that the Quagga BGP daemon did not properly bounds\ncheck the data sent with a NOTIFY to a peer. \nThis issue only affected Ubuntu 17.10. (CVE-2018-5378)\n\nIt was discovered that a table overrun vulnerability existed in the\nQuagga BGP daemon. (CVE-2018-5380)\n\nIt was discovered that the Quagga BGP daemon in some configurations\ndid not properly handle invalid OPEN messages. (CVE-2018-5381)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n quagga 1.1.1-3ubuntu0.2\n quagga-bgpd 1.1.1-3ubuntu0.2\n\nUbuntu 16.04 LTS:\n quagga 0.99.24.1-2ubuntu1.4\n\nUbuntu 14.04 LTS:\n quagga 0.99.22.4-3ubuntu1.5\n\nAfter a standard system update you need to restart Quagga to make\nall the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5379"
},
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "BID",
"id": "103105"
},
{
"db": "VULMON",
"id": "CVE-2018-5379"
},
{
"db": "PACKETSTORM",
"id": "146416"
},
{
"db": "PACKETSTORM",
"id": "146610"
},
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#940439",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2018-5379",
"trust": 3.2
},
{
"db": "BID",
"id": "103105",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-05",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-451142",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU95518305",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.1207",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201802-829",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-5379",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146416",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146610",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147305",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146410",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "VULMON",
"id": "CVE-2018-5379"
},
{
"db": "BID",
"id": "103105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "PACKETSTORM",
"id": "146416"
},
{
"db": "PACKETSTORM",
"id": "146610"
},
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
},
{
"db": "NVD",
"id": "CVE-2018-5379"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
]
},
"id": "VAR-201802-1049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.52540106
},
"last_update_date": "2023-12-18T12:29:10.855000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AXSA:2018-2582:01",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/ja/node/9025"
},
{
"title": "Quagga 1.2.3 Release, with significant BGP security fixes",
"trust": 0.8,
"url": "https://savannah.nongnu.org/forum/forum.php?forum_id=9095"
},
{
"title": "\u4e0d\u6b63\u306a\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u53d7\u4fe1\u306b\u3088\u308aBGP\u6a5f\u80fd\u304c\u505c\u6b62\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.seil.jp/support/security/a01864.html"
},
{
"title": "Quagga BGP daemon Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90582"
},
{
"title": "Red Hat: Important: quagga security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20180377 - security advisory"
},
{
"title": "Ubuntu Security Notice: quagga vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3573-1"
},
{
"title": "Red Hat: CVE-2018-5379",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-5379"
},
{
"title": "Debian Security Advisories: DSA-4115-1 quagga -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=60039c87d27a61271ac8cea042fa360d"
},
{
"title": "Amazon Linux AMI: ALAS-2018-957",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-957"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=743274c8dcbded6c8c6a2fcbd1f712aa"
},
{
"title": "Debian CVElist Bug Report Logs: quagga: CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4da9cc5babf3128084a3957af98f57a1"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=f20bc19459353e30190c7e47d9da0c23"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-415",
"trust": 1.8
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-125",
"trust": 0.8
},
{
"problemtype": "CWE-228",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "NVD",
"id": "CVE-2018-5379"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.kb.cert.org/vuls/id/940439"
},
{
"trust": 2.5,
"url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095"
},
{
"trust": 2.5,
"url": "https://www.debian.org/security/2018/dsa-4115"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/103105"
},
{
"trust": 2.0,
"url": "https://gogs.quagga.net/quagga/quagga/src/master/doc/security/quagga-2018-1114.txt"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:0377"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/3573-1/"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201804-17"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5379"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5378"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5380"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5381"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-05"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2018-5379"
},
{
"trust": 0.9,
"url": "http://cwe.mitre.org/data/definitions/415.html"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542985"
},
{
"trust": 0.9,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2018-4443185.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/228.html"
},
{
"trust": 0.8,
"url": "http://lists.suse.com/pipermail/sle-security-updates/2018-february/003735.html"
},
{
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3573-1/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5381"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5378"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5379"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5380"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-05"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95518305/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78746"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57162"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.quagga.net/security/quagga-2018-0543.txt"
},
{
"trust": 0.1,
"url": "https://www.quagga.net/security/quagga-2018-1975.txt"
},
{
"trust": 0.1,
"url": "https://www.quagga.net/security/quagga-2018-1550.txt"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.quagga.net/security/quagga-2018-1114.txt"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/quagga"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3573-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "VULMON",
"id": "CVE-2018-5379"
},
{
"db": "BID",
"id": "103105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "PACKETSTORM",
"id": "146416"
},
{
"db": "PACKETSTORM",
"id": "146610"
},
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
},
{
"db": "NVD",
"id": "CVE-2018-5379"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "VULMON",
"id": "CVE-2018-5379"
},
{
"db": "BID",
"id": "103105"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "PACKETSTORM",
"id": "146416"
},
{
"db": "PACKETSTORM",
"id": "146610"
},
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
},
{
"db": "NVD",
"id": "CVE-2018-5379"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-15T00:00:00",
"db": "CERT/CC",
"id": "VU#940439"
},
{
"date": "2018-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5379"
},
{
"date": "2018-02-15T00:00:00",
"db": "BID",
"id": "103105"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"date": "2018-02-16T14:36:28",
"db": "PACKETSTORM",
"id": "146416"
},
{
"date": "2018-02-28T23:24:22",
"db": "PACKETSTORM",
"id": "146610"
},
{
"date": "2018-04-23T20:02:00",
"db": "PACKETSTORM",
"id": "147305"
},
{
"date": "2018-02-15T23:25:00",
"db": "PACKETSTORM",
"id": "146410"
},
{
"date": "2018-02-19T13:29:00.413000",
"db": "NVD",
"id": "CVE-2018-5379"
},
{
"date": "2018-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-19T00:00:00",
"db": "CERT/CC",
"id": "VU#940439"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5379"
},
{
"date": "2019-04-10T11:00:00",
"db": "BID",
"id": "103105"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"date": "2019-10-09T23:41:15.437000",
"db": "NVD",
"id": "CVE-2018-5379"
},
{
"date": "2019-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quagga bgpd is affected by multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#940439"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-829"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.