CVE-2017-5495
Published 2017-01-24
CVE-2017-5495: All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga…
Priority: P352 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 18.80% (96.9th percentile)
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10.
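The growth pattern described above, next to a capped form, as an added example (not Quagga's or FRR's code). The `linebuf` type, its function names and return codes are hypothetical; setting `limit` to 0 reproduces the unbounded behaviour, and a non-zero `limit` bounds the memory held for one unterminated line.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-connection line accumulator (not Quagga's own code).
 * limit == 0 reproduces the unbounded growth described above;
 * limit > 0 is the hardened form: a hard cap on bytes held per line. */
struct linebuf {
    char  *data;
    size_t len;    /* bytes of the current, unterminated line */
    size_t cap;    /* bytes currently allocated */
    size_t limit;  /* 0 = no cap (vulnerable), else max line length */
};

enum { LB_OK = 0, LB_TOO_LONG = -1, LB_NOMEM = -2 };

/* Append one network read. Returns LB_TOO_LONG when the pending line
 * would exceed the cap; the caller should then drop the connection. */
int linebuf_feed(struct linebuf *lb, const char *in, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '\n') {      /* line complete: command would be */
            lb->len = 0;          /* dispatched here, buffer reused  */
            continue;
        }
        if (lb->limit && lb->len >= lb->limit)
            return LB_TOO_LONG;   /* refuse before allocating more */
        if (lb->len == lb->cap) { /* grow by doubling */
            size_t want = lb->cap ? lb->cap * 2 : 64;
            if (lb->limit && want > lb->limit)
                want = lb->limit;
            char *p = realloc(lb->data, want);
            if (!p)
                return LB_NOMEM;
            lb->data = p;
            lb->cap = want;
        }
        lb->data[lb->len++] = in[i];
    }
    return LB_OK;
}

void linebuf_free(struct linebuf *lb)
{
    free(lb->data);
    memset(lb, 0, sizeof *lb);
}
```

Because the check runs before any reallocation, the capped form never holds more than `limit` bytes per connection, whether or not the peer has authenticated.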
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quagga | quagga | <= 1.1.0 | — |
| quagga | quagga | >= 0 < 1.1.1-r0 | 1.1.1-r0 |
| quagga | quagga | >= 0 < 0.99.22.4-3ubuntu1.4 | 0.99.22.4-3ubuntu1.4 |
| quagga | quagga | >= 0 < 0.99.24.1-2ubuntu1.3 | 0.99.24.1-2ubuntu1.3 |
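CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| osv | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |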
Ubuntu
Quagga vulnerabilities
vendor_ubuntu·2017-10-31·CVSS 7.5
CVE-2017-16227 [HIGH] Quagga vulnerabilities
Title: Quagga vulnerabilities
Summary: Several security issues were fixed in Quagga.
Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE
messages. A remote attacker could possibly use this issue to cause Quagga
to crash, resulting in a denial of service. (CVE-2017-16227)
Quentin Young discovered that Quagga incorrectly handled memory in the
telnet vty CLI. An attacker able to connect to the telnet interface could
possibly use this issue to cause Quagga to consume memory, resulting in a
denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2017-5495)
Instructions: After a standard system update you need to restart Quagga to make all the
necessary changes.
Red Hat
quagga: Telnet interface input buffer allocates unbounded amounts of memory
vendor_redhat·2017-01-23·CVSS 7.5
CVE-2017-5495 [HIGH] CWE-770 quagga: Telnet interface input buffer allocates unbounded amounts of memory
GHSA
GHSA-6629-rcxv-r9v7: All versions of Quagga, 0
ghsa_unreviewed·2022-05-14
CVE-2017-5495 [HIGH] CWE-119 GHSA-6629-rcxv-r9v7: All versions of Quagga, 0
OSV
quagga vulnerabilities
osv·2017-10-31·CVSS 7.5
CVE-2017-16227 [HIGH] quagga vulnerabilities
OSV
CVE-2017-5495: All versions of Quagga, 0
osv·2017-01-24·CVSS 7.5
CVE-2017-5495 [HIGH] CVE-2017-5495: All versions of Quagga, 0
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory [fedora-all]
bugzilla·2017-01-24·CVSS 7.5
CVE-2017-5495 [HIGH] CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mu
Bugzilla
CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory
bugzilla·2017-01-24·CVSS 7.5
CVE-2017-5495 [HIGH] CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory
A vulnerability was found in quagga. Telnet interface input buffer allocates unbounded amounts of memory which leads to Denial-of-service.
References:
http://savannah.nongnu.org/forum/forum.php?forum_id=8783
http://mirror.easyname.at/nongnu//quagga/quagga-1.1.1.changelog.txt
Discussion:
Created quagga tracking bugs for this issue:
Affects: fedora-all [bug 1416017]
---
External References:
https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2017:0794 https://rhn.redhat.com/errata/RHSA-2017-0794.html
http://rhn.redhat.com/errata/RHSA-2017-0794.html
http://savannah.nongnu.org/forum/forum.php?forum_id=8783
http://www.securityfocus.com/bid/95745
http://www.securitytracker.com/id/1037688
https://github.com/freerangerouting/frr/pull/63
https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html
Published: 2017-01-24