CVE-2018-5381 HIGH

Published: 2018-02-19 | Last Modified: 2026-06-17 | Status: Modified

Description

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

Additional Descriptions (1)

El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, tiene un error en su análisis de "Capabilities" en los mensajes BGP OPEN, en la función bgp_packet.c:bgp_capability_msg_parse. El analizador puede entrar en un bucle infinito o invalidar capacidades si una capacidad Multi-Protocol no tiene un AFI/SAFI reconocido, lo que provocaría una denegación de servicio (DoS).

CVSS Metrics

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-228
[email protected]	Primary	en CWE-835

Affected Products

Vendor	Product	Version	Update	Type
quagga	quagga	*	<built-in method update of dict object at 0x72a9cc4242c0>	Application
canonical	ubuntu_linux	14.04	<built-in method update of dict object at 0x72a9cc425a80>	Operating System
canonical	ubuntu_linux	16.04	<built-in method update of dict object at 0x72a9cc424280>	Operating System
canonical	ubuntu_linux	17.10	<built-in method update of dict object at 0x72a9cc750500>	Operating System
debian	debian_linux	7.0	<built-in method update of dict object at 0x72a9cc424440>	Operating System
debian	debian_linux	8.0	<built-in method update of dict object at 0x72a9cc424680>	Operating System
debian	debian_linux	9.0	<built-in method update of dict object at 0x72a9e4185b80>	Operating System
siemens	ruggedcom_rox_ii_firmware	*	<built-in method update of dict object at 0x72a9b0d8e080>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:quagga:quagga::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:7.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:8.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:9.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware::::::::`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:siemens:ruggedcom_rox_ii:-:::::::*`

References

http://savannah.nongnu.org/forum/forum.php?forum_id=9095
Source: [email protected]

Third Party Advisory
http://www.kb.cert.org/vuls/id/940439
Source: [email protected]

Third Party Advisory US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
Source: [email protected]

Mitigation Third Party Advisory
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt
Source: [email protected]

Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
Source: [email protected]

Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201804-17
Source: [email protected]

Third Party Advisory
https://usn.ubuntu.com/3573-1/
Source: [email protected]

Third Party Advisory
https://www.debian.org/security/2018/dsa-4115
Source: [email protected]

Third Party Advisory
http://savannah.nongnu.org/forum/forum.php?forum_id=9095
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.kb.cert.org/vuls/id/940439
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Third Party Advisory
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201804-17
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://usn.ubuntu.com/3573-1/
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.debian.org/security/2018/dsa-4115
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory