Quagga BGPD 本地拒绝服务漏洞

CNNVD-ID编号	CNNVD-200605-151
CVE编号	CVE-2006-2276
发布时间	2006-05-09
更新时间	2006-05-10
漏洞类型	资源管理错误
漏洞来源	This issue was disclosed by Fredrik Widell.
危险等级	中危
威胁类型	本地
厂商	quagga

漏洞介绍

Quagga 0.98和0.99 20060504之前版本中的bgpd可以使本地用户借助在telnet接口中输入的sh ip bgp命令，引起拒绝服务(CPU损耗)。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接： Quagga Quagga Routing Software Suite 0.98.3 Debian quagga_0.98.3-7.2_alpha.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_alpha.deb Debian quagga_0.98.3-7.2_amd64.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_amd64.deb Debian quagga_0.98.3-7.2_arm.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_arm.deb Debian quagga_0.98.3-7.2_hppa.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_hppa.deb Debian quagga_0.98.3-7.2_i386.deb7.2_arm.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.http ://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_i3 86.deb7.2_arm.deb Debian quagga_0.98.3-7.2_ia64.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_ia64.deb Debian quagga_0.98.3-7.2_m68k.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_m68k.deb Debian quagga_0.98.3-7.2_mips.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_mips.deb Debian quagga_0.98.3-7.2_mipsel.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_mipsel.deb Debian quagga_0.98.3-7.2_powerpc.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_powerpc.deb Debian quagga_0.98.3-7.2_s390.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_s390.deb Debian quagga_0.98.3-7.2_sparc.debDebian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7. 2_sparc.deb Quagga quagga-0.98.6.tar.gz http://www.quagga.net/download/quagga-0.98.6.tar.gz

参考网址

来源: www.quagga.net

链接：http://www.quagga.net/news2.php?y=2006&m=5&d=4#id1146764580
来源: OSVDB

名称: 25245

链接：http://www.osvdb.org/25245
来源: MLIST

名称: [quagga-dev] 20060329 quagga locks with command sh ip bgp community 1:*

链接：http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html
来源: UBUNTU

名称: USN-284-1

链接：http://www.ubuntulinux.org/support/documentation/usn/usn-284-1
来源: BID

名称: 17979

链接：http://www.securityfocus.com/bid/17979
来源: REDHAT

名称: RHSA-2006:0533

链接：http://www.redhat.com/support/errata/RHSA-2006-0533.html
来源: REDHAT

名称: RHSA-2006:0525

链接：http://www.redhat.com/support/errata/RHSA-2006-0525.html
来源: GENTOO

名称: GLSA-200605-15

链接：http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml
来源: DEBIAN

名称: DSA-1059

链接：http://www.debian.org/security/2006/dsa-1059
来源: SECTRACK

名称: 1016204

链接：http://securitytracker.com/id?1016204
来源: SECUNIA

名称: 20782

链接：http://secunia.com/advisories/20782
来源: SECUNIA

名称: 20421

链接：http://secunia.com/advisories/20421
来源: SECUNIA

名称: 20420

链接：http://secunia.com/advisories/20420
来源: SECUNIA

名称: 20221

链接：http://secunia.com/advisories/20221
来源: SECUNIA

名称: 20138

链接：http://secunia.com/advisories/20138
来源: SECUNIA

名称: 20137

链接：http://secunia.com/advisories/20137
来源: SECUNIA

名称: 20116

链接：http://secunia.com/advisories/20116

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-151