Quagga BGPD 本地拒绝服务漏洞

漏洞信息详情

Quagga BGPD 本地拒绝服务漏洞

• CNNVD编号：CNNVD-200605-151
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2006-2276
  
• 漏洞类型：
  
  
  资源管理错误
  
• 发布时间：
  
  2006-05-09
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2006-05-10
  
• 厂        商：
  
  quagga
• 漏洞来源：
  This issue was dis…

Quagga 0.98和0.99 20060504之前版本中的bgpd可以使本地用户借助在telnet接口中输入的sh ip bgp命令，引起拒绝服务(CPU损耗)。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：
Quagga Quagga Routing Software Suite 0.98.3
Debian quagga_0.98.3-7.2_alpha.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_alpha.deb
Debian quagga_0.98.3-7.2_amd64.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_amd64.deb
Debian quagga_0.98.3-7.2_arm.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_arm.deb
Debian quagga_0.98.3-7.2_hppa.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_hppa.deb
Debian quagga_0.98.3-7.2_i386.deb7.2_arm.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.http
://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_i3
86.deb7.2_arm.deb
Debian quagga_0.98.3-7.2_ia64.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_ia64.deb
Debian quagga_0.98.3-7.2_m68k.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_m68k.deb
Debian quagga_0.98.3-7.2_mips.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_mips.deb
Debian quagga_0.98.3-7.2_mipsel.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_mipsel.deb
Debian quagga_0.98.3-7.2_powerpc.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_powerpc.deb
Debian quagga_0.98.3-7.2_s390.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_s390.deb
Debian quagga_0.98.3-7.2_sparc.debDebian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.
2_sparc.deb
Quagga quagga-0.98.6.tar.gz
http://www.quagga.net/download/quagga-0.98.6.tar.gz

来源: www.quagga.net

链接:http://www.quagga.net/news2.php?y=2006&m=5&d=4#id1146764580

来源: OSVDB

名称: 25245

链接:http://www.osvdb.org/25245

来源: MLIST

名称: [quagga-dev] 20060329 quagga locks with command sh ip bgp community 1:*

链接:http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html

来源: UBUNTU

名称: USN-284-1

链接:http://www.ubuntulinux.org/support/documentation/usn/usn-284-1

来源: BID

名称: 17979

链接:http://www.securityfocus.com/bid/17979

来源: REDHAT

名称: RHSA-2006:0533

链接:http://www.redhat.com/support/errata/RHSA-2006-0533.html

来源: REDHAT

名称: RHSA-2006:0525

链接:http://www.redhat.com/support/errata/RHSA-2006-0525.html

来源: GENTOO

名称: GLSA-200605-15

链接:http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml

来源: DEBIAN

名称: DSA-1059

链接:http://www.debian.org/security/2006/dsa-1059

来源: SECTRACK

名称: 1016204

链接:http://securitytracker.com/id?1016204

来源: SECUNIA

名称: 20782

链接:http://secunia.com/advisories/20782

来源: SECUNIA

名称: 20421

链接:http://secunia.com/advisories/20421

来源: SECUNIA

名称: 20420

链接:http://secunia.com/advisories/20420

来源: SECUNIA

名称: 20221

链接:http://secunia.com/advisories/20221

来源: SECUNIA

名称: 20138

链接:http://secunia.com/advisories/20138

来源: SECUNIA

名称: 20137

链接:http://secunia.com/advisories/20137

来源: SECUNIA

名称: 20116

链接:http://secunia.com/advisories/20116

来源: SGI

名称: 20060602-01-U

链接:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc