Vigil@nce: Quagga, denial of service via ASN4
May 2009 by Vigil@nce
An attacker can use Autonomous System Number on 4 bytes in order
to stop Quagga.
– Severity: 2/4
– Consequences: denial of service of service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 05/05/2009
IMPACTED PRODUCTS
– Debian Linux
– Mandriva Corporate
– Quagga Routing Suite
DESCRIPTION OF THE VULNERABILITY
The RFC 4893 extents the BGP protocol to support ASN (Autonomous
System Number) on 4 bytes, instead of 2 bytes.
The aspath_make_str_count() function of the bgpd/bgp_aspath.c file
of Quagga converts an aspath structure to a string.
However, this function computes the size of the string with ASN on
2 bytes instead of 4 bytes. An assertion error thus occurs and
stops Quagga.
An attacker can therefore use Autonomous System Number on 4 bytes
in order to stop Quagga.
CHARACTERISTICS
– Identifiers: 526270, BID-34817, CVE-2009-1572, DSA 1787-1,
MDVSA-2009:109, VIGILANCE-VUL-8691
– Url: http://vigilance.fr/vulnerability/Quagga-denial-of-service-via-ASN4-8691