var-201802-1051
Vulnerability from variot
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution. Quagga bgpd Contains several vulnerabilities: * Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543) * Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114) * Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550) * Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975) Detail is Information provided by the developer Please refer to.The expected impact depends on each vulnerability, but remote code execution, information leakage, service operation interruption by a remote third party (DoS) An attack could be made. Quagga is prone to multiple denial of service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface).
https://www.quagga.net/security/Quagga-2018-1975.txt
For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5.
For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2.
We recommend that you upgrade your quagga packages.
For the detailed security status of quagga please refer to its security tracker page at: https://security-tracker.debian.org/tracker/quagga
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqGBaVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RpyRAAhVpntFw+LSUUzL2/cx7m+s4fHijhOkU/AjKKmW4a9rAi0iJYW4HNv5BU cKfz6yhngFUzCa+Glhmiwzt77eAoeksJSvxkKio5CTqjV3OxCWbDPPz/iRRHcKvK MGhnqyShMCF8boQU0plmqNbfhnSWNAObbaI2fPmjLOU4A4jPY1T/fbzu4Sd3k5qY ETeHq9+HlVdGnyNEoYnoO0XQH56ueNHy3VlChJ0S2OPtFtoKXkjM/er+yG6413+G 3e90tcbm2xlitmrTyZm9K/Q08UWLJx510n1rxehaO1DTEz+bqSNezySOhyNb8sTA fuadDpgs2ozwgSmxyuWFj0RL3fKvgycw1ZeNiS5nUmRJTobrPlnjyX+A8FEJhPuI 9xyVa8j6wUeBVZdgd9b/EWLQ1Z9oDRiXmHRJeVOtz4JRNPP1KLtBcsPxFW9eCp83 9gFMqk/vMYQSpRqtQdnl5OawEpeurMtusBsnlEV5y9afiHU9jKB8N7RPwxCJgtjP /jmhS4lOvn3F5lNILahaL3lrk/b0EsECajBltbN9YVU0yabWWRWSMrJ3ujamhaXE aUQKmVj1alwDyg90vToiUftdr3R0hPPFuzA0BAK55SJVzjwJ2XInzItr+2y1tMPn dSpd32tzrxpDm86rvmRIiAJbj28n7QnX9I9BlKZqWq2fUUhTkNg= =Gy8j -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201804-17
https://security.gentoo.org/
Severity: High Title: Quagga: Multiple vulnerabilities Date: April 22, 2018 Bugs: #647788 ID: 201804-17
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-1.2.4"
References
[ 1 ] CVE-2018-5378 https://nvd.nist.gov/vuln/detail/CVE-2018-5378 [ 2 ] CVE-2018-5379 https://nvd.nist.gov/vuln/detail/CVE-2018-5379 [ 3 ] CVE-2018-5380 https://nvd.nist.gov/vuln/detail/CVE-2018-5380 [ 4 ] CVE-2018-5381 https://nvd.nist.gov/vuln/detail/CVE-2018-5381
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201804-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3573-1 February 16, 2018
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Quagga.
Software Description: - quagga: BGP/OSPF/RIP routing daemon
Details:
It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-5378)
It was discovered that a table overrun vulnerability existed in the Quagga BGP daemon. An attacker in control of a configured peer could use this to possibly expose sensitive information or possibly cause a denial of service. (CVE-2018-5381)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: quagga 1.1.1-3ubuntu0.2 quagga-bgpd 1.1.1-3ubuntu0.2
Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.4
Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.5
After a standard system update you need to restart Quagga to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3573-1 CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381
Package Information: https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2 https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4 https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ruggedcom rox ii",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.13.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "quagga",
"scope": "lte",
"trust": 1.0,
"vendor": "quagga",
"version": "1.2.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": "quagga",
"scope": "lt",
"trust": 0.8,
"vendor": "quagga",
"version": "1.2.3 earlier"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.9"
},
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.12"
},
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.11"
},
{
"model": "ruggedcom rox ii",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2.10"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.2.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.2.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.1.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "1.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.24"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.22"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.21"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.17"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.16"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.15"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.14"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.13"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.12"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.11"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.10"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.9"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.8"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.7"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.6"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.6"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.5"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.22.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.22.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.22.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.20"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.19"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.99.18"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.98.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.97.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.4"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.1"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.95"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.93"
},
{
"model": "ruggedcom rox ii",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.13"
},
{
"model": "quagga",
"scope": "ne",
"trust": 0.3,
"vendor": "quagga",
"version": "1.2.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "BID",
"id": "107837"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "NVD",
"id": "CVE-2018-5381"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5381"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
],
"trust": 0.6
},
"cve": "CVE-2018-5381",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-001492",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5381",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-001492",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5381",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2018-5381",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-001492",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-827",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-5381",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "NVD",
"id": "CVE-2018-5381"
},
{
"db": "NVD",
"id": "CVE-2018-5381"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of \"Capabilities\" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution. Quagga bgpd Contains several vulnerabilities: * Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543) * Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114) * Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550) * Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975) Detail is \u003ca href=\"https://savannah.nongnu.org/forum/forum.php?forum_id=9095\"target=\"blank\"\u003e Information provided by the developer \u003c/a\u003e Please refer to.The expected impact depends on each vulnerability, but remote code execution, information leakage, service operation interruption by a remote third party (DoS) An attack could be made. Quagga is prone to multiple denial of service vulnerabilities. \nAttackers can exploit these issues to crash the affected application, denying service to legitimate users. \n A configured peer can take advantage of this flaw to cause a denial\n of service (bgpd daemon not responding to any other events; BGP\n sessions will drop and not be reestablished; unresponsive CLI\n interface). \n\n https://www.quagga.net/security/Quagga-2018-1975.txt\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 0.99.23.1-1+deb8u5. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.1-3+deb9u2. \n\nWe recommend that you upgrade your quagga packages. \n\nFor the detailed security status of quagga please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/quagga\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqGBaVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RpyRAAhVpntFw+LSUUzL2/cx7m+s4fHijhOkU/AjKKmW4a9rAi0iJYW4HNv5BU\ncKfz6yhngFUzCa+Glhmiwzt77eAoeksJSvxkKio5CTqjV3OxCWbDPPz/iRRHcKvK\nMGhnqyShMCF8boQU0plmqNbfhnSWNAObbaI2fPmjLOU4A4jPY1T/fbzu4Sd3k5qY\nETeHq9+HlVdGnyNEoYnoO0XQH56ueNHy3VlChJ0S2OPtFtoKXkjM/er+yG6413+G\n3e90tcbm2xlitmrTyZm9K/Q08UWLJx510n1rxehaO1DTEz+bqSNezySOhyNb8sTA\nfuadDpgs2ozwgSmxyuWFj0RL3fKvgycw1ZeNiS5nUmRJTobrPlnjyX+A8FEJhPuI\n9xyVa8j6wUeBVZdgd9b/EWLQ1Z9oDRiXmHRJeVOtz4JRNPP1KLtBcsPxFW9eCp83\n9gFMqk/vMYQSpRqtQdnl5OawEpeurMtusBsnlEV5y9afiHU9jKB8N7RPwxCJgtjP\n/jmhS4lOvn3F5lNILahaL3lrk/b0EsECajBltbN9YVU0yabWWRWSMrJ3ujamhaXE\naUQKmVj1alwDyg90vToiUftdr3R0hPPFuzA0BAK55SJVzjwJ2XInzItr+2y1tMPn\ndSpd32tzrxpDm86rvmRIiAJbj28n7QnX9I9BlKZqWq2fUUhTkNg=\n=Gy8j\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201804-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Quagga: Multiple vulnerabilities\n Date: April 22, 2018\n Bugs: #647788\n ID: 201804-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Quagga, the worst of which\ncould allow remote attackers to execute arbitrary code. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-1.2.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-5378\n https://nvd.nist.gov/vuln/detail/CVE-2018-5378\n[ 2 ] CVE-2018-5379\n https://nvd.nist.gov/vuln/detail/CVE-2018-5379\n[ 3 ] CVE-2018-5380\n https://nvd.nist.gov/vuln/detail/CVE-2018-5380\n[ 4 ] CVE-2018-5381\n https://nvd.nist.gov/vuln/detail/CVE-2018-5381\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201804-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3573-1\nFebruary 16, 2018\n\nquagga vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Quagga. \n\nSoftware Description:\n- quagga: BGP/OSPF/RIP routing daemon\n\nDetails:\n\nIt was discovered that a double-free vulnerability existed in the\nQuagga BGP daemon when processing certain forms of UPDATE message. \nA remote attacker could use this to cause a denial of service or\npossibly execute arbitrary code. (CVE-2018-5379)\n\nIt was discovered that the Quagga BGP daemon did not properly bounds\ncheck the data sent with a NOTIFY to a peer. An attacker could use this\nto expose sensitive information or possibly cause a denial of service. \nThis issue only affected Ubuntu 17.10. (CVE-2018-5378)\n\nIt was discovered that a table overrun vulnerability existed in the\nQuagga BGP daemon. An attacker in control of a configured peer could\nuse this to possibly expose sensitive information or possibly cause\na denial of service. (CVE-2018-5381)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n quagga 1.1.1-3ubuntu0.2\n quagga-bgpd 1.1.1-3ubuntu0.2\n\nUbuntu 16.04 LTS:\n quagga 0.99.24.1-2ubuntu1.4\n\nUbuntu 14.04 LTS:\n quagga 0.99.22.4-3ubuntu1.5\n\nAfter a standard system update you need to restart Quagga to make\nall the necessary changes. \n\nReferences:\n https://www.ubuntu.com/usn/usn-3573-1\n CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2\n https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4\n https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5381"
},
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "BID",
"id": "107837"
},
{
"db": "VULMON",
"id": "CVE-2018-5381"
},
{
"db": "PACKETSTORM",
"id": "146416"
},
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#940439",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2018-5381",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-05",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-451142",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU95518305",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.1207",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201802-827",
"trust": 0.6
},
{
"db": "BID",
"id": "107837",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2018-5381",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146416",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147305",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146410",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "VULMON",
"id": "CVE-2018-5381"
},
{
"db": "BID",
"id": "107837"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "PACKETSTORM",
"id": "146416"
},
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
},
{
"db": "NVD",
"id": "CVE-2018-5381"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
]
},
"id": "VAR-201802-1051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.52540106
},
"last_update_date": "2023-12-18T12:29:10.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AXSA:2018-2582:01",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/ja/node/9025"
},
{
"title": "Quagga 1.2.3 Release, with significant BGP security fixes",
"trust": 0.8,
"url": "https://savannah.nongnu.org/forum/forum.php?forum_id=9095"
},
{
"title": "\u4e0d\u6b63\u306a\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u53d7\u4fe1\u306b\u3088\u308aBGP\u6a5f\u80fd\u304c\u505c\u6b62\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.seil.jp/support/security/a01864.html"
},
{
"title": "Quagga BGP daemon Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90580"
},
{
"title": "Ubuntu Security Notice: quagga vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3573-1"
},
{
"title": "Red Hat: CVE-2018-5381",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-5381"
},
{
"title": "Debian Security Advisories: DSA-4115-1 quagga -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=60039c87d27a61271ac8cea042fa360d"
},
{
"title": "Amazon Linux AMI: ALAS-2018-957",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-957"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=743274c8dcbded6c8c6a2fcbd1f712aa"
},
{
"title": "Debian CVElist Bug Report Logs: quagga: CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4da9cc5babf3128084a3957af98f57a1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5381"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-835",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
},
{
"problemtype": "CWE-125",
"trust": 0.8
},
{
"problemtype": "CWE-415",
"trust": 0.8
},
{
"problemtype": "CWE-228",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "NVD",
"id": "CVE-2018-5381"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095"
},
{
"trust": 2.8,
"url": "https://www.debian.org/security/2018/dsa-4115"
},
{
"trust": 2.6,
"url": "http://www.kb.cert.org/vuls/id/940439"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3573-1/"
},
{
"trust": 2.0,
"url": "https://gogs.quagga.net/quagga/quagga/src/master/doc/security/quagga-2018-1975.txt"
},
{
"trust": 2.0,
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201804-17"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5378"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5379"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5380"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5381"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-05"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/228.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/415.html"
},
{
"trust": 0.8,
"url": "http://lists.suse.com/pipermail/sle-security-updates/2018-february/003735.html"
},
{
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3573-1/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5381"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5378"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5379"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5380"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-05"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95518305/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78746"
},
{
"trust": 0.3,
"url": "http://www.quagga.net/"
},
{
"trust": 0.3,
"url": "https://www.kb.cert.org/vuls/id/940439/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-5380"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-5381"
},
{
"trust": 0.3,
"url": "https://gogs.quagga.net/quagga/quagga/src/master/doc/security/quagga-2018-1550.txt"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/835.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.quagga.net/security/quagga-2018-0543.txt"
},
{
"trust": 0.1,
"url": "https://www.quagga.net/security/quagga-2018-1975.txt"
},
{
"trust": 0.1,
"url": "https://www.quagga.net/security/quagga-2018-1550.txt"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.quagga.net/security/quagga-2018-1114.txt"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/quagga"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3573-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "VULMON",
"id": "CVE-2018-5381"
},
{
"db": "BID",
"id": "107837"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "PACKETSTORM",
"id": "146416"
},
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
},
{
"db": "NVD",
"id": "CVE-2018-5381"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#940439"
},
{
"db": "VULMON",
"id": "CVE-2018-5381"
},
{
"db": "BID",
"id": "107837"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"db": "PACKETSTORM",
"id": "146416"
},
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
},
{
"db": "NVD",
"id": "CVE-2018-5381"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-15T00:00:00",
"db": "CERT/CC",
"id": "VU#940439"
},
{
"date": "2018-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5381"
},
{
"date": "2018-02-19T00:00:00",
"db": "BID",
"id": "107837"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"date": "2018-02-16T14:36:28",
"db": "PACKETSTORM",
"id": "146416"
},
{
"date": "2018-04-23T20:02:00",
"db": "PACKETSTORM",
"id": "147305"
},
{
"date": "2018-02-15T23:25:00",
"db": "PACKETSTORM",
"id": "146410"
},
{
"date": "2018-02-19T13:29:00.583000",
"db": "NVD",
"id": "CVE-2018-5381"
},
{
"date": "2018-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-19T00:00:00",
"db": "CERT/CC",
"id": "VU#940439"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5381"
},
{
"date": "2018-02-19T00:00:00",
"db": "BID",
"id": "107837"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001492"
},
{
"date": "2019-10-09T23:41:15.877000",
"db": "NVD",
"id": "CVE-2018-5381"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "147305"
},
{
"db": "PACKETSTORM",
"id": "146410"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quagga bgpd is affected by multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#940439"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-827"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.