CVE-2007-4826

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-4826
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.

3.5 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:N/A:P

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://fedoranews.org/updates/FEDORA-2007-219.shtml
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html
http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760 Patch
http://secunia.com/advisories/26744 Patch Vendor Advisory
http://secunia.com/advisories/26829 Vendor Advisory
http://secunia.com/advisories/26863 Vendor Advisory
http://secunia.com/advisories/27049 Vendor Advisory
http://secunia.com/advisories/29743 Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1
http://www.debian.org/security/2007/dsa-1382
http://www.mandriva.com/security/advisories?name=MDKSA-2007:182
http://www.quagga.net/download/quagga-0.99.9.changelog.txt
http://www.redhat.com/support/errata/RHSA-2010-0785.html
http://www.securityfocus.com/bid/25634 Patch
http://www.trustix.org/errata/2007/0028/
http://www.ubuntu.com/usn/usn-512-1
http://www.vupen.com/english/advisories/2007/3129 Vendor Advisory
http://www.vupen.com/english/advisories/2008/1195/references Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36551
http://fedoranews.org/updates/FEDORA-2007-219.shtml
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html
http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760 Patch
http://secunia.com/advisories/26744 Patch Vendor Advisory
http://secunia.com/advisories/26829 Vendor Advisory
http://secunia.com/advisories/26863 Vendor Advisory
http://secunia.com/advisories/27049 Vendor Advisory
http://secunia.com/advisories/29743 Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1
http://www.debian.org/security/2007/dsa-1382
http://www.mandriva.com/security/advisories?name=MDKSA-2007:182
http://www.quagga.net/download/quagga-0.99.9.changelog.txt
http://www.redhat.com/support/errata/RHSA-2010-0785.html
http://www.securityfocus.com/bid/25634 Patch
http://www.trustix.org/errata/2007/0028/
http://www.ubuntu.com/usn/usn-512-1
http://www.vupen.com/english/advisories/2007/3129 Vendor Advisory
http://www.vupen.com/english/advisories/2008/1195/references Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36551
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
History

21 Nov 2024, 00:36

Type Values Removed Values Added
References () http://fedoranews.org/updates/FEDORA-2007-219.shtml - () http://fedoranews.org/updates/FEDORA-2007-219.shtml -
References () http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html - () http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html -
References () http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760 - Patch () http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760 - Patch
References () http://secunia.com/advisories/26744 - Patch, Vendor Advisory () http://secunia.com/advisories/26744 - Patch, Vendor Advisory
References () http://secunia.com/advisories/26829 - Vendor Advisory () http://secunia.com/advisories/26829 - Vendor Advisory
References () http://secunia.com/advisories/26863 - Vendor Advisory () http://secunia.com/advisories/26863 - Vendor Advisory
References () http://secunia.com/advisories/27049 - Vendor Advisory () http://secunia.com/advisories/27049 - Vendor Advisory
References () http://secunia.com/advisories/29743 - Vendor Advisory () http://secunia.com/advisories/29743 - Vendor Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1 -
References () http://www.debian.org/security/2007/dsa-1382 - () http://www.debian.org/security/2007/dsa-1382 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:182 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:182 -
References () http://www.quagga.net/download/quagga-0.99.9.changelog.txt - () http://www.quagga.net/download/quagga-0.99.9.changelog.txt -
References () http://www.redhat.com/support/errata/RHSA-2010-0785.html - () http://www.redhat.com/support/errata/RHSA-2010-0785.html -
References () http://www.securityfocus.com/bid/25634 - Patch () http://www.securityfocus.com/bid/25634 - Patch
References () http://www.trustix.org/errata/2007/0028/ - () http://www.trustix.org/errata/2007/0028/ -
References () http://www.ubuntu.com/usn/usn-512-1 - () http://www.ubuntu.com/usn/usn-512-1 -
References () http://www.vupen.com/english/advisories/2007/3129 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/3129 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2008/1195/references - Vendor Advisory () http://www.vupen.com/english/advisories/2008/1195/references - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/36551 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/36551 -
Information

Published : 2007-09-12 10:17

Updated : 2024-11-21 00:36

NVD link : CVE-2007-4826

Mitre link : CVE-2007-4826

CVE.ORG link : CVE-2007-4826

JSON object : View

Products Affected

quagga

  • quagga
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024