CVE-2018-5378
Published: 2018-02-19
Priority: P3 · 53 · medium · 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
EPSS: 74.60% (99.4th percentile)
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| quagga | bgpd | >= bpgd < 1.2.3 | 1.2.3 |
| quagga | quagga | <= 1.2.2 | — |
| quagga | quagga | >= 0 < 0.99.22.4-3ubuntu1.5 | 0.99.22.4-3ubuntu1.5 |
| quagga | quagga | >= 0 < 0.99.24.1-2ubuntu1.4 | 0.99.24.1-2ubuntu1.4 |
Detection & IOCs
- The target process is bgpd (the Quagga BGP daemon). Monitor for an out-of-bounds read triggered by a crafted BGP NOTIFY message with an invalid attribute length, which may cause bgpd to crash or leak up to 64KB of process memory to a peer.
- Vulnerable Quagga bgpd versions are 1.1.0, 1.1.1, 1.2.0, 1.2.1, and 1.2.2; versions 0.99.x are NOT affected. Alert on these specific version strings in asset inventory or package scans.
- The vulnerability is triggered via a BGP NOTIFY message with an invalid attribute length. Inspect BGP (TCP port 179) traffic for NOTIFY messages where the attribute length field exceeds the actual data bounds.
- Only Quagga versions after 1.1.0 (specifically 1.1.0–1.2.2) are affected; Quagga 0.99.x (shipped with RHEL 5/6/7/8) is NOT vulnerable.
- On Ubuntu, this issue only affected Ubuntu 17.10; other Ubuntu releases were not impacted.
- The upstream security advisory and patch are available on the Quagga project security page; use them as the reference for patch validation.
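The version guidance above can be applied to an asset inventory as follows. This is an added example, not code from the Quagga project or from any of the advisories quoted here; the host names and package version strings in `INVENTORY` are constructed, and the `review` label reflects the assumption that a distribution may backport the fix without changing the upstream version number.

```python
import re

# From the page: upstream releases listed as affected; fixed upstream in 1.2.3.
AFFECTED_UPSTREAM = {"1.1.0", "1.1.1", "1.2.0", "1.2.1", "1.2.2"}
FIXED_UPSTREAM = (1, 2, 3)


def upstream_version(pkg_version):
    """Reduce a dpkg/rpm version string to its upstream part.

    Drops an epoch prefix ("1:") and a distro revision ("-3ubuntu1.5").
    Returns None when no numeric upstream version can be found.
    """
    v = pkg_version.strip().split(":", 1)[-1]
    v = v.split("-", 1)[0]
    m = re.match(r"\d+(?:\.\d+)*", v)
    return m.group(0) if m else None


def classify(pkg_version):
    """Triage one installed quagga package version for CVE-2018-5378."""
    up = upstream_version(pkg_version)
    if up is None:
        return "unknown"
    parts = tuple(int(p) for p in up.split("."))
    if up in AFFECTED_UPSTREAM:
        # Assumption: a distro build may carry the backported patch, so an
        # upstream match means "check the changelog", not "confirmed vulnerable".
        return "review"
    if parts[:2] == (0, 99):
        return "not-affected"      # 0.99.x is stated as not affected
    if parts >= FIXED_UPSTREAM:
        return "fixed"
    return "unknown"               # anything the page does not speak to


def hosts_to_review(inventory):
    """Return hosts whose quagga package matches an affected upstream release."""
    return [host for host, ver in inventory if classify(ver) == "review"]


# Constructed sample inventory (host, installed quagga package version).
INVENTORY = [
    ("rtr-a", "1.2.2-1"),
    ("rtr-b", "0.99.22.4-5.el7_4"),
    ("rtr-c", "1:1.2.4-3"),
    ("rtr-d", "1.1.1-9example1"),
    ("rtr-e", "unknown-build"),
]
```

For hosts returned by `hosts_to_review`, confirm against the package changelog whether CVE-2018-5378 is listed as fixed before treating them as exposed.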
CVSS provenance
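| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H |
| nvd | v2.0 | 4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:N/A:P |
| osv | — | 5.9 | MEDIUM | — |
| vendor_redhat | — | 7.1 | HIGH | — |
| vendor_ubuntu | — | 7.1 | HIGH | — |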
Ubuntu
Quagga vulnerabilities
vendor_ubuntu·2018-02-16·CVSS 7.1
CVE-2018-5378 [HIGH] Quagga vulnerabilities
Title: Quagga vulnerabilities
Summary: Several security issues were fixed in Quagga.
It was discovered that a double-free vulnerability existed in the
Quagga BGP daemon when processing certain forms of UPDATE message.
A remote attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds
check the data sent with a NOTIFY to a peer. An attacker could use this
to expose sensitive information or possibly cause a denial of service.
This issue only affected Ubuntu 17.10. (CVE-2018-5378)
It was discovered that a table overrun vulnerability existed in the
Quagga BGP daemon. An attacker in control of a configured peer could
use this to possibly expose sensitive information or possibl
Red Hat
quagga: bgpd does not properly bounds check the data sent with a NOTIFY allowing leak of sensitive data or crash
vendor_redhat·2018-02-15·CVSS 7.1
CVE-2018-5378 [HIGH] CWE-125 quagga: bgpd does not properly bounds check the data sent with a NOTIFY allowing leak of sensitive data or crash
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
An out-of-bounds read vulnerability was discovered in Quagga. A BGP peer could send a specially crafted message which would cause Quagga to read out of bounds, potentially causing a crash or disclosure of up to 64KB process memory to the peer.
Statement: This vulnerability affects Quagga versions after 1.1.0. Versions 0.99.x, included with Red Hat Enterprise Linux, are not affected by this issue.
Package: quagga (Red Hat En
GHSA
GHSA-529c-38p9-5c53: The Quagga BGP daemon (bgpd) prior to version 1
ghsa_unreviewed·2022-05-13
CVE-2018-5378 [MEDIUM] CWE-119 GHSA-529c-38p9-5c53: The Quagga BGP daemon (bgpd) prior to version 1
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
OSV
quagga vulnerabilities
osv·2018-02-16·CVSS 5.9
CVE-2018-5379 [MEDIUM] quagga vulnerabilities
It was discovered that a double-free vulnerability existed in the
Quagga BGP daemon when processing certain forms of UPDATE message.
A remote attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds
check the data sent with a NOTIFY to a peer. An attacker could use this
to expose sensitive information or possibly cause a denial of service.
This issue only affected Ubuntu 17.10. (CVE-2018-5378)
It was discovered that a table overrun vulnerability existed in the
Quagga BGP daemon. An attacker in control of a configured peer could
use this to possibly expose sensitive information or possibly cause
a denial of service. (CVE-2018-5380)
It was discovered
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-5378 quagga: bgpd does not properly bounds check the data sent with a NOTIFY allowing leak of sensitive data or crash [fedora-all]
bugzilla·2018-02-16·CVSS 7.1
CVE-2018-5378 [HIGH] CVE-2018-5378 quagga: bgpd does not properly bounds check the data sent with a NOTIFY allowing leak of sensitive data or crash [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit
Bugzilla
CVE-2018-5378 quagga: bgpd does not properly bounds check the data sent with a NOTIFY allowing leak of sensitive data or crash
bugzilla·2018-02-07·CVSS 7.1
CVE-2018-5378 [HIGH] CVE-2018-5378 quagga: bgpd does not properly bounds check the data sent with a NOTIFY allowing leak of sensitive data or crash
The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash.
Affected versions: 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2
Discussion:
Acknowledgments:
Name: the Quagga project
---
Created attachment 1392686
Upstream patch
---
External References:
https://www.quagga.net/security/Quagga-2018-0543.txt
---
Statement:
This vulnerability affects Quagga versions after 1.1.0. Versions 0.99.x, included with Red Hat Enterprise Linux, are not affected by this issue.
---
Created quagga tracking bugs for
- http://savannah.nongnu.org/forum/forum.php?forum_id=9095
- http://www.kb.cert.org/vuls/id/940439
- https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt
- https://security.gentoo.org/glsa/201804-17
- https://usn.ubuntu.com/3573-1/
- https://www.debian.org/security/2018/dsa-4115