Vulnerability Description
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quagga | Quagga | <= 0.98.6 |
Related Weaknesses (CWE)
References
- http://bugzilla.quagga.net/show_bug.cgi?id=354
- http://bugzilla.quagga.net/show_bug.cgi?id=355
- http://secunia.com/advisories/24808Vendor Advisory
- http://secunia.com/advisories/25084Vendor Advisory
- http://secunia.com/advisories/25119Vendor Advisory
- http://secunia.com/advisories/25255Vendor Advisory
- http://secunia.com/advisories/25293Vendor Advisory
- http://secunia.com/advisories/25312Vendor Advisory
- http://secunia.com/advisories/25428Vendor Advisory
- http://secunia.com/advisories/29743Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200705-05.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1
- http://www.debian.org/security/2007/dsa-1293
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:096
- http://www.novell.com/linux/security/advisories/2007_9_sr.html
FAQ
What is CVE-2007-1995?
CVE-2007-1995 is a vulnerability with a CVSS score of 6.3 (MEDIUM). bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers t...
How severe is CVE-2007-1995?
CVE-2007-1995 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1995?
Check the references section above for vendor advisories and patch information. Affected products include: Quagga Quagga.