Vulnerability Details : CVE-2009-1572
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
Vulnerability category: Denial of service
Products affected by CVE-2009-1572
- cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
Threat overview for CVE-2009-1572
- Top open port discovered on systems with this issue: 2601
- IPs affected by CVE-2009-1572: 541
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2009-1572
- 11.64%: probability of exploitation activity in the next 30 days
- ~ 95%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1572
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2009-1572
- Red Hat, 2009-05-18: Not vulnerable. This issue did not affect the versions of zebra as shipped with Red Hat Enterprise Linux 2.1, and the versions of quagga as shipped with Red Hat Enterprise Linux 3, 4, or 5.
References for CVE-2009-1572
- http://www.ubuntu.com/usn/usn-775-1
  USN-775-1: Quagga vulnerability | Ubuntu security notices | Ubuntu
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50317
  Quagga autonomous system number denial of service CVE-2009-1572 Vulnerability Report
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html
  [SECURITY] Fedora 10 Update: quagga-0.99.12-1.fc10
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
  #526311 - quagga: bgpd crashes - Debian Bug report logs (Exploit; Patch)
- http://thread.gmane.org/gmane.network.quagga.devel/6513
  (Exploit)
- http://www.securitytracker.com/id?1022164
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:012 - openSUSE Security Announce - openSUSE Mailing Lists
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
  Mandriva
- http://www.debian.org/security/2009/dsa-1788
  Debian -- The Universal Operating System (Patch)
- http://marc.info/?l=quagga-dev&m=123364779626078&w=2
  '[quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes' - MARC (Exploit; Patch)
- http://www.securityfocus.com/bid/34817
- http://www.openwall.com/lists/oss-security/2009/05/01/1
  oss-security - CVE request (sort of): Quagga BGP crasher
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html
  [SECURITY] Fedora 11 Update: quagga-0.99.12-1.fc11
- http://www.openwall.com/lists/oss-security/2009/05/01/2
  oss-security - Re: CVE request (sort of): Quagga BGP crasher