
bugzilla-daemon at allevil
Apr 8, 2007, 3:40 PM
[Bug 354] New: bgpd vulnerable to DoS by configured peers
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

http://bugzilla.quagga.net/show_bug.cgi?id=354

Summary: bgpd vulnerable to DoS by configured peers
Product: Quagga
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: Very High
Component: bgpd
AssignedTo: maintainers [at] quagga
ReportedBy: paul [at] dishone

bgpd fails to properly validate length information retrieved from MP_REACH_NLRI and MP_UNREACH_NLRI attributes. This can cause bgpd to attempt to request information from beyond the bound of a packet, via the stream API.

This may lead to:

- When the code is compiled with DEBUG enabled, such that assert() is enabled (typically the case for most packages of Quagga): An assert in the lib/stream.c code, when asked to retrieve a value out of bounds for the buffer. This causes bgpd to exit. Impact: Denial-of-Service.

- When DEBUG is not enabled, such that assert() does nothing (atypical): bgpd will read from memory beyond that allocated to the buffer. Potentially invalid memory. Impact: Possible DoS. Not known to be exploitable at this time.

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

_______________________________________________
Quagga-bugs mailing list
Quagga-bugs [at] lists
http://lists.quagga.net/mailman/listinfo/quagga-bugs
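
Added example, not part of the original bug report and not Quagga's code: a bounds-checked walk over an MP_REACH_NLRI attribute body (field layout per RFC 4760), where every length read from the packet is compared against the bytes remaining before anything is consumed. The `cursor` type, `take()`, `mp_reach_check()` and the sample byte arrays are hypothetical names and constructed data; the check covers buffer bounds only, not per-AFI limits on prefix length.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical cursor over one attribute body; not Quagga's struct stream. */
struct cursor { const uint8_t *p; size_t left; };

/* Consume n bytes only if they are present: 0 on success, -1 if short. */
static int take(struct cursor *c, size_t n, const uint8_t **out)
{
    if (n > c->left)
        return -1;
    *out = c->p;
    c->p += n;
    c->left -= n;
    return 0;
}

/* Validate an MP_REACH_NLRI body laid out as in RFC 4760:
 *   AFI(2) SAFI(1) NH-len(1) next-hop(NH-len) reserved(1) NLRI...
 * Returns the number of prefixes, or -1 as soon as a length field
 * taken from the packet would run past the end of the body. */
int mp_reach_check(const uint8_t *body, size_t len)
{
    struct cursor c = { body, len };
    const uint8_t *f;
    int prefixes = 0;

    if (take(&c, 4, &f) < 0)                 /* AFI, SAFI, next-hop length */
        return -1;
    if (take(&c, (size_t)f[3] + 1, &f) < 0)  /* next hop + reserved octet */
        return -1;
    while (c.left > 0) {
        size_t bytes;
        if (take(&c, 1, &f) < 0)             /* prefix length, in bits */
            return -1;
        bytes = ((size_t)f[0] + 7) / 8;      /* octets that must follow */
        if (take(&c, bytes, &f) < 0)
            return -1;
        prefixes++;
    }
    return prefixes;
}

/* Constructed samples: IPv4 unicast, next hop 192.0.2.1, NLRI 10.0.0.0/8. */
const uint8_t mp_ok[]       = { 0,1, 1, 4,   192,0,2,1, 0, 8,  10 };
/* Next-hop length claims 200 octets; only 7 follow. */
const uint8_t mp_bad_nh[]   = { 0,1, 1, 200, 192,0,2,1, 0, 8,  10 };
/* Prefix length of 24 bits needs 3 octets; only 1 follows. */
const uint8_t mp_bad_nlri[] = { 0,1, 1, 4,   192,0,2,1, 0, 24, 10 };
```

Returning an error to the caller on a short attribute lets the session be handled as a malformed UPDATE instead of reaching an assert() or an out-of-bounds read.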