[Sysadmins] Fwd: [SA19910] Quagga RIPd RIPv1 Request Handling Security Issue

Michael Shigorin mike at osdn.org.ua
Wed May 3 16:29:40 MSD 2006


	Hello.
Who was it praising Quagga?  Go fix it.

----- Forwarded message from Secunia Security Advisories <sec-adv at secunia.com> -----

TITLE:
Quagga RIPd RIPv1 Request Handling Security Issue

SECUNIA ADVISORY ID:
SA19910

VERIFY ADVISORY:
http://secunia.com/advisories/19910/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Exposure of system information

WHERE:
From local network

SOFTWARE:
Quagga 0.x
http://secunia.com/product/4731/

DESCRIPTION:
Konstantin V. Gavrilenko has reported two security issues in Quagga,
which can be exploited by malicious people to bypass certain security
restrictions and to disclose system information.

1) An error in RIPd causes RIPv1 RESPONSE packets to be accepted for
routing state update, even when RIPv2 authentication has been
enabled. This can potentially be exploited to inject a malicious route
into the RIP daemon.

2) An error in RIPd causes it to respond to RIPv1 SEND UPDATE
requests and to send out routing table information, even when RIPv2
authentication has been enabled. This can potentially be exploited to
obtain route information.

The security issues have been reported in 0.98.3 and 0.99.5. Other
versions may also be affected.

SOLUTION:
The security issues have been fixed in the CVS repositories.

PROVIDED AND/OR DISCOVERED BY:
Konstantin V. Gavrilenko

ORIGINAL ADVISORY:
http://bugzilla.quagga.net/show_bug.cgi?id=261
http://bugzilla.quagga.net/show_bug.cgi?id=262

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/
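
Both issues in the forwarded advisory come down to RIPd acting on packets that carry no RIPv2 authentication entry. The check below is an added example, not Quagga's code and not part of the original message: it parses a UDP/520 payload using the RFC 2453 packet layout and applies an assumed policy (with authentication required, drop anything that lacks an authentication entry). The names check_packet, parse_rip and SAMPLES, and the sample payloads, are constructed for illustration.

```python
import struct

RIP_REQUEST, RIP_RESPONSE = 1, 2
AFI_AUTH = 0xFFFF  # address family value marking a RIPv2 authentication entry
ENTRY = struct.Struct("!HH4s4s4sI")  # AFI, tag, address, mask, next hop, metric

def parse_rip(payload: bytes):
    """Return (command, version, entries) for a UDP/520 RIP payload."""
    if len(payload) < 4 or (len(payload) - 4) % ENTRY.size:
        raise ValueError("malformed RIP packet")
    entries = [ENTRY.unpack_from(payload, off)
               for off in range(4, len(payload), ENTRY.size)]
    return payload[0], payload[1], entries

def check_packet(payload: bytes, auth_required: bool = True) -> str:
    """Assumed policy: with authentication required, only RIPv2 packets that
    open with an authentication entry go on to credential verification."""
    try:
        command, version, entries = parse_rip(payload)
    except ValueError:
        return "drop: malformed"
    if command not in (RIP_REQUEST, RIP_RESPONSE):
        return "drop: unsupported command"
    # Presence only; the password or digest itself must still be verified.
    has_auth = version == 2 and bool(entries) and entries[0][0] == AFI_AUTH
    if auth_required and not has_auth:
        if command == RIP_RESPONSE:  # issue 1: would update routing state
            return "drop: unauthenticated RIPv%d response (route update)" % version
        # Issue 2: one entry with AFI 0 and metric 16 asks for the whole table.
        whole = len(entries) == 1 and entries[0][0] == 0 and entries[0][5] == 16
        kind = "whole-table request" if whole else "request"
        return "drop: unauthenticated RIPv%d %s" % (version, kind)
    return "verify-auth" if has_auth else "process"

# Constructed sample payloads (not captured traffic).
def _pkt(command, version, *entries):
    return bytes([command, version, 0, 0]) + b"".join(entries)

_ZERO = bytes(4)
ROUTE = ENTRY.pack(2, 0, bytes([10, 0, 0, 0]), _ZERO, _ZERO, 1)
ASK_ALL = ENTRY.pack(0, 0, _ZERO, _ZERO, _ZERO, 16)
AUTH = struct.pack("!HH16s", AFI_AUTH, 2, b"example-password")  # type 2: simple password
SAMPLES = {
    "v1 response": _pkt(RIP_RESPONSE, 1, ROUTE),
    "v1 whole-table request": _pkt(RIP_REQUEST, 1, ASK_ALL),
    "v2 response, no auth": _pkt(RIP_RESPONSE, 2, ROUTE),
    "v2 response, auth entry": _pkt(RIP_RESPONSE, 2, AUTH, ROUTE),
}
if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:26} -> {check_packet(payload)}")
```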


