CVE-2009-1572

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.

🔗 References (38)

• cve@mitrehttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
• cve@mitrehttp://marc.info/?l=quagga-dev&m=123364779626078&w=2
• cve@mitrehttp://secunia.com/advisories/34999
• cve@mitrehttp://secunia.com/advisories/35061
• cve@mitrehttp://secunia.com/advisories/35203
• cve@mitrehttp://secunia.com/advisories/35685
• cve@mitrehttp://thread.gmane.org/gmane.network.quagga.devel/6513
• cve@mitrehttp://www.debian.org/security/2009/dsa-1788
• cve@mitrehttp://www.mandriva.com/security/advisories?name=MDVSA-2009:109
• cve@mitrehttp://www.openwall.com/lists/oss-security/2009/05/01/1
• cve@mitrehttp://www.openwall.com/lists/oss-security/2009/05/01/2
• cve@mitrehttp://www.osvdb.org/54200
• cve@mitrehttp://www.securityfocus.com/bid/34817
• cve@mitrehttp://www.securitytracker.com/id?1022164