Vigil@nce - Quagga Routing Suite: denial of service via telnet
March 2017 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can make the server allocate an
unbounded amount of memory in a telnet connection to Quagga
Routing Suite, in order to trigger a denial of service.
Impacted products: Fedora, Quagga, RHEL.
Severity: 2/4.
Creation date: 24/01/2017.
DESCRIPTION OF THE VULNERABILITY
The Quagga Routing Suite product provides a telnet service.
However, the server does not limit the amount of memory
allocated while reading a command.
An authenticated attacker can therefore make the server allocate
an unbounded amount of memory in a telnet connection to Quagga
Routing Suite, in order to trigger a denial of service.
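The class of fix for this kind of flaw is a hard cap on the per-connection command buffer. The sketch below is an added illustration, not Quagga's code and not taken from the bulletin; `cmd_buf`, `cmd_buf_append`, `feed_without_newline` and the `CMD_MAX` value are all hypothetical names and assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CMD_MAX 4096 /* assumed per-connection cap; not a value from the bulletin */

struct cmd_buf { char *data; size_t len, cap; };

static void cmd_buf_reset(struct cmd_buf *b) {
    free(b->data);
    b->data = NULL; b->len = b->cap = 0;
}

/* Append n received bytes. Returns 0 on success, -1 if the pending command
 * would exceed max or allocation fails; the buffer is freed on -1 so the
 * caller can close the connection. */
int cmd_buf_append(struct cmd_buf *b, const char *src, size_t n, size_t max) {
    if (n == 0) return 0;
    if (n > max || b->len > max - n) { cmd_buf_reset(b); return -1; }
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 64;
        while (ncap < b->len + n) ncap *= 2;  /* geometric growth */
        if (ncap > max) ncap = max;           /* never allocate past the cap */
        char *p = realloc(b->data, ncap);
        if (!p) { cmd_buf_reset(b); return -1; }
        b->data = p; b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Constructed input: a peer sending 512-byte chunks and never a newline.
 * Returns the peak allocation; *rejected is set once the cap is hit. */
size_t feed_without_newline(size_t chunks, size_t max, int *rejected) {
    struct cmd_buf b = {0};
    char chunk[512];
    size_t peak = 0;
    memset(chunk, 'A', sizeof chunk);
    *rejected = 0;
    for (size_t i = 0; i < chunks; i++) {
        if (cmd_buf_append(&b, chunk, sizeof chunk, max) != 0) { *rejected = 1; break; }
        if (b.cap > peak) peak = b.cap;
    }
    cmd_buf_reset(&b);
    return peak;
}

int main(void) {
    int r; size_t peak = feed_without_newline(1000, CMD_MAX, &r);
    printf("peak=%zu rejected=%d\n", peak, r);
    return 0;
}
```

Calling `feed_without_newline` with a very large `max` shows the uncapped behaviour: the allocation keeps growing with the input for as long as the peer withholds the line terminator.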
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Quagga-Routing-Suite-denial-of-service-via-telnet-21670