Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-4826

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.

Published

2007-09-12T10:17:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	quagga	quagga	≤ 0.99.8	Yes
Application	quagga	quagga	0.95	Yes
Application	quagga	quagga	0.96	Yes
Application	quagga	quagga	0.96.1	Yes
Application	quagga	quagga	0.96.2	Yes
Application	quagga	quagga	0.96.3	Yes
Application	quagga	quagga	0.96.4	Yes
Application	quagga	quagga	0.96.5	Yes
Application	quagga	quagga	0.97.0	Yes
Application	quagga	quagga	0.97.1	Yes
Application	quagga	quagga	0.97.2	Yes
Application	quagga	quagga	0.97.3	Yes
Application	quagga	quagga	0.97.4	Yes
Application	quagga	quagga	0.97.5	Yes
Application	quagga	quagga	0.98.0	Yes
Application	quagga	quagga	0.98.1	Yes
Application	quagga	quagga	0.98.2	Yes
Application	quagga	quagga	0.98.3	Yes
Application	quagga	quagga	0.98.4	Yes
Application	quagga	quagga	0.98.5	Yes
Application	quagga	quagga	0.98.6	Yes
Application	quagga	quagga	0.99.1	Yes
Application	quagga	quagga	0.99.2	Yes
Application	quagga	quagga	0.99.3	Yes
Application	quagga	quagga	0.99.4	Yes
Application	quagga	quagga	0.99.5	Yes
Application	quagga	quagga	0.99.6	Yes
Application	quagga	quagga	0.99.7	Yes

References

http://fedoranews.org/updates/FEDORA-2007-219.shtml ([email protected])
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html ([email protected])
http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760 Patch ([email protected])
http://secunia.com/advisories/26744 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/26829 Vendor Advisory ([email protected])
http://secunia.com/advisories/26863 Vendor Advisory ([email protected])
http://secunia.com/advisories/27049 Vendor Advisory ([email protected])
http://secunia.com/advisories/29743 Vendor Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1 ([email protected])
http://www.debian.org/security/2007/dsa-1382 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:182 ([email protected])
http://www.quagga.net/download/quagga-0.99.9.changelog.txt ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0785.html ([email protected])
http://www.securityfocus.com/bid/25634 Patch ([email protected])
http://www.trustix.org/errata/2007/0028/ ([email protected])
http://www.ubuntu.com/usn/usn-512-1 ([email protected])
http://www.vupen.com/english/advisories/2007/3129 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/1195/references Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/36551 ([email protected])
http://fedoranews.org/updates/FEDORA-2007-219.shtml (af854a3a-2127-422b-91ae-364da2661108)
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html (af854a3a-2127-422b-91ae-364da2661108)
http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26744 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26829 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26863 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27049 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29743 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1382 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:182 (af854a3a-2127-422b-91ae-364da2661108)
http://www.quagga.net/download/quagga-0.99.9.changelog.txt (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0785.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25634 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.trustix.org/errata/2007/0028/ (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-512-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3129 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1195/references Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36551 (af854a3a-2127-422b-91ae-364da2661108)