Vigil@nce: Quagga, denial of service via ASN4
May 2009 by Vigil@nce
An attacker can use Autonomous System Number on 4 bytes in order to stop Quagga.
Consequences: denial of service of service
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 05/05/2009
Quagga Routing Suite
DESCRIPTION OF THE VULNERABILITY
The RFC 4893 extents the BGP protocol to support ASN (Autonomous System Number) on 4 bytes, instead of 2 bytes.
The aspath_make_str_count() function of the bgpd/bgp_aspath.c file of Quagga converts an aspath structure to a string.
However, this function computes the size of the string with ASN on 2 bytes instead of 4 bytes. An assertion error thus occurs and stops Quagga.
An attacker can therefore use Autonomous System Number on 4 bytes in order to stop Quagga.
Identifiers: 526270, BID-34817, CVE-2009-1572, DSA 1787-1,