CVE-2018-5381
published 2018-02-19
CVE-2018-5381: The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the…
Priority: P348, high, 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 30.66% (98.0th percentile)
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| quagga | bgpd | >= bpgd < 1.2.3 | 1.2.3 |
| quagga | quagga | <= 1.2.2 | — |
| quagga | quagga | >= 0 < 0.99.22.4-3ubuntu1.5 | 0.99.22.4-3ubuntu1.5 |
| quagga | quagga | >= 0 < 0.99.24.1-2ubuntu1.4 | 0.99.24.1-2ubuntu1.4 |
| siemens | ruggedcom_rox_ii_firmware | < 2.13.0 | 2.13.0 |
CVSS provenance
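| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.1 | HIGH | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |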
GHSA
GHSA-g4qp-j7fc-2xcf: The Quagga BGP daemon (bgpd) prior to version 1
ghsa_unreviewed·2022-05-13
CVE-2018-5381 [HIGH] CWE-835 GHSA-g4qp-j7fc-2xcf: The Quagga BGP daemon (bgpd) prior to version 1
OSV
quagga vulnerabilities
osv·2018-02-16·CVSS 5.9
CVE-2018-5379 [MEDIUM] quagga vulnerabilities
It was discovered that a double-free vulnerability existed in the
Quagga BGP daemon when processing certain forms of UPDATE message.
A remote attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds
check the data sent with a NOTIFY to a peer. An attacker could use this
to expose sensitive information or possibly cause a denial of service.
This issue only affected Ubuntu 17.10. (CVE-2018-5378)
It was discovered that a table overrun vulnerability existed in the
Quagga BGP daemon. An attacker in control of a configured peer could
use this to possibly expose sensitive information or possibly cause
a denial of service. (CVE-2018-5380)
It was discovered
OSV
CVE-2018-5381: The Quagga BGP daemon (bgpd) prior to version 1
osv·2018-02-13·CVSS 7.5
CVE-2018-5381 [HIGH] CVE-2018-5381: The Quagga BGP daemon (bgpd) prior to version 1
CISA ICS
Siemens RUGGEDCOM ROX II
cisa_ics·2019-04-09·CVSS 7.5
[HIGH] Siemens RUGGEDCOM ROX II
ICS Advisory
## Siemens RUGGEDCOM ROX II
Last Revised: April 09, 2019
Alert Code: ICSA-19-099-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: RUGGEDCOM ROX II
- Vulnerabilities: Double Free, Out-of-bounds Read, Uncontrolled Resource Consumption
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in remote code execution and/or a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following RUGGEDCOM product is affected:
- RUGGEDCOM ROX II: All
Ubuntu
Quagga vulnerabilities
vendor_ubuntu·2018-02-16·CVSS 7.1
CVE-2018-5378 [HIGH] Quagga vulnerabilities
Title: Quagga vulnerabilities
Summary: Several security issues were fixed in Quagga.
Red Hat
quagga: Infinite loop issue triggered by invalid OPEN message allows denial-of-service
vendor_redhat·2018-02-15·CVSS 6.5
CVE-2018-5381 [MEDIUM] CWE-835 quagga: Infinite loop issue triggered by invalid OPEN message allows denial-of-service
An infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted.
Package: quagga (Red Hat Enterprise Linux 5) - Will not fix
Package: quagga (Red Hat Enterprise Linux 6) - Will not fix
Package: quagga (Red Hat Enterprise Linu
No detection rules found.
No public exploits indexed.
Tenable
Critical Vulnerability in Siemens Spectrum Power (CVE-2019-6579) Patched in Monthly Advisory
blogs_tenable·2019-04-10·CVSS 9.8
[CRITICAL] Critical Vulnerability in Siemens Spectrum Power (CVE-2019-6579) Patched in Monthly Advisory
Bugzilla
CVE-2018-5381 quagga: Infinite loop issue triggered by invalid OPEN message allows denial-of-service [fedora-all]
bugzilla·2018-02-16·CVSS 6.5
CVE-2018-5381 [MEDIUM] CVE-2018-5381 quagga: Infinite loop issue triggered by invalid OPEN message allows denial-of-service [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
Bugzilla
CVE-2018-5381 quagga: Infinite loop issue triggered by invalid OPEN message allows denial-of-service
bugzilla·2018-02-07·CVSS 6.5
CVE-2018-5381 [MEDIUM] CVE-2018-5381 quagga: Infinite loop issue triggered by invalid OPEN message allows denial-of-service
The Quagga BGP daemon, bgpd, can enter an infinite loop if sent an invalid
OPEN message by a configured peer.
This problem is triggerable by packets from a configured peer.
When triggered, the bgpd daemon enters an infinite loop and ceases to respond
to any other events. BGP sessions will drop and not be reestablished. The
CLI interface will be unresponsive. The bgpd daemon will stay in this state
until it is restarted.
Affects versions of quagga since 0.99.9
If "override-capability" neighbour option is set, all versions are affected.
Discussion:
Acknowledgments:
Name: the Quagga project
---
Created attachment 1392683
Upstream patch
---
External References:
https://www.quagga.ne
http://savannah.nongnu.org/forum/forum.php?forum_id=9095
http://www.kb.cert.org/vuls/id/940439
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
https://security.gentoo.org/glsa/201804-17
https://usn.ubuntu.com/3573-1/
https://www.debian.org/security/2018/dsa-4115