SB2017112324 - Denial of service in quagga (Alpine package)
Published: November 23, 2017
Security Bulletin ID: SB2017112324
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Denial of service (CVE-ID: CVE-2017-16227)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the Quagga BGP daemon because the AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. A remote attacker can supply specially crafted BGP UPDATE messages and cause a session drop.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=1a8306681c2f74421374270a2a600e7584cee36c
- https://git.alpinelinux.org/aports/commit/?id=6e3ecd37f497c0cfbe5ce695900164b2b2d5c1c7
- https://git.alpinelinux.org/aports/commit/?id=ff979894bb2c6c2cd008c00f23cd6e0789928e35
- https://git.alpinelinux.org/aports/commit/?id=c00451450e78759def5a5ee4cba58a9b2b5c7042