CVE-2010-1674
published 2011-03-29CVE-2010-1674: The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application…
PriorityP424medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
13.43%
96.0th percentile
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quagga | quagga | <= 0.99.17 | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p35h-h7x4-jc7g: The extended-community parser in bgpd in Quagga before 0
ghsa_unreviewed·2022-05-14
CVE-2010-1674 [MEDIUM] GHSA-p35h-h7x4-jc7g: The extended-community parser in bgpd in Quagga before 0
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
Ubuntu
Quagga vulnerabilities
vendor_ubuntu·2011-03-29·CVSS 5.0
CVE-2010-1675 [MEDIUM] Quagga vulnerabilities
Title: Quagga vulnerabilities
Summary: An attacker could send crafted input to Quagga and cause it to crash.
It was discovered that Quagga incorrectly parsed certain malformed extended
communities. A remote attacker could use this flaw to cause Quagga to
crash, resulting in a denial of service. (CVE-2010-1674)
It was discovered that Quagga resets BGP sessions when encountering
malformed AS_PATHLIMIT attributes. A remote attacker could use this flaw to
disrupt BGP sessions, resulting in a denial of service. This update removes
AS_PATHLIMIT support from Quagga. This issue only affected Ubuntu 8.04 LTS,
9.10, 10.04 LTS and 10.10. (CVE-2010-1675)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
quagga: DoS (crash) by processing malformed extended community attribute in a route
vendor_redhat·2011-03-21·CVSS 5.0
CVE-2010-1674 [MEDIUM] quagga: DoS (crash) by processing malformed extended community attribute in a route
quagga: DoS (crash) by processing malformed extended community attribute in a route
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
Statement: Vulnerable. This issue affects quagga packages in Red Hat Enterprise
Linux 4 and 5. The Red Hat Security Response Team has rated this issue
as having low security impact, a future update may address this flaw.
Package: quagga (Red Hat Enterprise Linux 4) - Will not fix
No detection rules found.
Bugzilla
CVE-2010-1674 CVE-2010-1675 quagga various flaws [fedora-all]
bugzilla·2011-03-22·CVSS 5.0
CVE-2010-1674 [MEDIUM] CVE-2010-1674 CVE-2010-1675 quagga various flaws [fedora-all]
CVE-2010-1674 CVE-2010-1675 quagga various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=654603
Please note: this issue affects multiple supported ve
Bugzilla
CVE-2010-1674 quagga: DoS (crash) by processing malformed extended community attribute in a route
bugzilla·2010-11-18·CVSS 5.0
CVE-2010-1674 [MEDIUM] CVE-2010-1674 quagga: DoS (crash) by processing malformed extended community attribute in a route
CVE-2010-1674 quagga: DoS (crash) by processing malformed extended community attribute in a route
A NULL pointer dereference flaw was found in the way Quagga bgpd
daemon processed malformed route information. A configured BGP
peer could crash bgpd on a target system via a BGP message with
specially-crafted value of BGP Extended Communities attribute.
Discussion:
This issue affects the versions of the quagga package, as shipped
with Red Hat Enterprise Linux 4, 5, and 6.
--
This issue affects the versions of the quagga package, as shipped
with Fedora release of 13 and 14.
---
Updated upstream version, addressing this:
http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200
---
Created quagga tracking bugs for this issue
Affects: fedora-all [bug 689852]
---
Statement:
Vulne
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1258.htmlhttp://secunia.com/advisories/43499http://secunia.com/advisories/43770http://secunia.com/advisories/48106http://security.gentoo.org/glsa/glsa-201202-02.xmlhttp://www.debian.org/security/2011/dsa-2197http://www.mandriva.com/security/advisories?name=MDVSA-2011:058http://www.osvdb.org/71259http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200http://www.securityfocus.com/bid/46942http://www.vupen.com/english/advisories/2011/0711https://bugzilla.redhat.com/show_bug.cgi?id=654603https://exchange.xforce.ibmcloud.com/vulnerabilities/66211http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1258.htmlhttp://secunia.com/advisories/43499http://secunia.com/advisories/43770http://secunia.com/advisories/48106http://security.gentoo.org/glsa/glsa-201202-02.xmlhttp://www.debian.org/security/2011/dsa-2197http://www.mandriva.com/security/advisories?name=MDVSA-2011:058http://www.osvdb.org/71259http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200http://www.securityfocus.com/bid/46942http://www.vupen.com/english/advisories/2011/0711https://bugzilla.redhat.com/show_bug.cgi?id=654603https://exchange.xforce.ibmcloud.com/vulnerabilities/66211
2011-03-29
Published