CVE - CVE-2010-2949

CVE-ID
CVE-2010-2949	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:41038 URL:http://secunia.com/advisories/41038 MISC:41238 URL:http://secunia.com/advisories/41238 MISC:42397 URL:http://secunia.com/advisories/42397 MISC:42446 URL:http://secunia.com/advisories/42446 MISC:42498 URL:http://secunia.com/advisories/42498 MISC:42642 URL:http://www.securityfocus.com/bid/42642 MISC:48106 URL:http://secunia.com/advisories/48106 MISC:ADV-2010-2304 URL:~~http://www.vupen.com/english/advisories/2010/2304~~ (Obsolete source) MISC:ADV-2010-3097 URL:~~http://www.vupen.com/english/advisories/2010/3097~~ (Obsolete source) MISC:ADV-2010-3124 URL:~~http://www.vupen.com/english/advisories/2010/3124~~ (Obsolete source) MISC:DSA-2104 URL:http://www.debian.org/security/2010/dsa-2104 MISC:GLSA-201202-02 URL:http://security.gentoo.org/glsa/glsa-201202-02.xml MISC:MDVSA-2010:174 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:174~~ (Obsolete source) MISC:RHSA-2010:0945 URL:http://www.redhat.com/support/errata/RHSA-2010-0945.html MISC:SUSE-SR:2010:022 URL:http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html MISC:SUSE-SU-2011:1316 URL:http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html MISC:USN-1027-1 URL:http://www.ubuntu.com/usn/USN-1027-1 MISC:[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request URL:http://www.openwall.com/lists/oss-security/2010/08/24/3 MISC:[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request URL:http://www.openwall.com/lists/oss-security/2010/08/25/4 MISC:http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=cddb8112b80fa9867156c637d63e6e79eeac67bb URL:http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=cddb8112b80fa9867156c637d63e6e79eeac67bb MISC:http://www.quagga.net/news2.php?y=2010&m=8&d=19 URL:http://www.quagga.net/news2.php?y=2010&m=8&d=19 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=626795 URL:https://bugzilla.redhat.com/show_bug.cgi?id=626795
Assigning CNA
Red Hat, Inc.
Date Record Created
20100804	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100804)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.