CVE-2007-4826: Null Pointer Dereference
First published: Wed Sep 12 2007(Updated: )
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quagga Routing Software Suite | =0.99.2 | |
| Quagga Routing Software Suite | =0.97.5 | |
| Quagga Routing Software Suite | =0.95 | |
| Quagga Routing Software Suite | =0.98.3 | |
| Quagga Routing Software Suite | =0.96.3 | |
| Quagga Routing Software Suite | =0.99.4 | |
| Quagga Routing Software Suite | =0.99.7 | |
| Quagga Routing Software Suite | =0.99.5 | |
| Quagga Routing Software Suite | =0.96.5 | |
| Quagga Routing Software Suite | =0.98.0 | |
| Quagga Routing Software Suite | =0.96.1 | |
| Quagga Routing Software Suite | =0.98.1 | |
| Quagga Routing Software Suite | =0.96.4 | |
| Quagga Routing Software Suite | =0.98.5 | |
| Quagga Routing Software Suite | =0.97.3 | |
| Quagga Routing Software Suite | =0.99.3 | |
| Quagga Routing Software Suite | <=0.99.8 | |
| Quagga Routing Software Suite | =0.99.6 | |
| Quagga Routing Software Suite | =0.98.6 | |
| Quagga Routing Software Suite | =0.97.4 | |
| Quagga Routing Software Suite | =0.98.4 | |
| Quagga Routing Software Suite | =0.98.2 | |
| Quagga Routing Software Suite | =0.97.1 | |
| Quagga Routing Software Suite | =0.97.0 | |
| Quagga Routing Software Suite | =0.96.2 | |
| Quagga Routing Software Suite | =0.99.1 | |
| Quagga Routing Software Suite | =0.97.2 | |
| Quagga Routing Software Suite | =0.96 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://quagga.net/news2.php?y=2007&m=9&d=7#id1189190760
- http://www.securityfocus.com/bid/25634
- http://secunia.com/advisories/26744
- http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html
- http://www.quagga.net/download/quagga-0.99.9.changelog.txt
- http://www.debian.org/security/2007/dsa-1382
- http://fedoranews.org/updates/FEDORA-2007-219.shtml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:182
- http://www.trustix.org/errata/2007/0028/
- http://www.ubuntu.com/usn/usn-512-1
- http://secunia.com/advisories/26829
- http://secunia.com/advisories/26863
- http://secunia.com/advisories/27049
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1
- http://secunia.com/advisories/29743
- http://www.redhat.com/support/errata/RHSA-2010-0785.html
- http://www.vupen.com/english/advisories/2007/3129
- http://www.vupen.com/english/advisories/2008/1195/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36551
Frequently Asked Questions
What is the severity of CVE-2007-4826?
CVE-2007-4826 is classified as a denial-of-service vulnerability.
How do I fix CVE-2007-4826?
To fix CVE-2007-4826, update Quagga to version 0.99.9 or later.
What versions of Quagga are affected by CVE-2007-4826?
CVE-2007-4826 affects Quagga versions 0.95 through 0.99.8.
What type of attacks can exploit CVE-2007-4826?
CVE-2007-4826 can be exploited by sending a malformed OPEN message or COMMUNITY attribute to a BGP peer.
Is debugging mode necessary for CVE-2007-4826 to be exploited?
Debugging mode is not necessary for the initial attack vector but is required for exploiting the COMMUNITY attribute.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/quagga
- canonical/quagga routing software suite
- version/quagga routing software suite/0.99.2
- version/quagga routing software suite/0.97.5
- version/quagga routing software suite/0.95
- version/quagga routing software suite/0.98.3
- version/quagga routing software suite/0.96.3
- version/quagga routing software suite/0.99.4
- version/quagga routing software suite/0.99.7
- version/quagga routing software suite/0.99.5
- version/quagga routing software suite/0.96.5
- version/quagga routing software suite/0.98.0
- version/quagga routing software suite/0.96.1
- version/quagga routing software suite/0.98.1
- version/quagga routing software suite/0.96.4
- version/quagga routing software suite/0.98.5
- version/quagga routing software suite/0.97.3
- version/quagga routing software suite/0.99.3
- version/quagga routing software suite/0.99.8
- version/quagga routing software suite/0.99.6
- version/quagga routing software suite/0.98.6
- version/quagga routing software suite/0.97.4
- version/quagga routing software suite/0.98.4
- version/quagga routing software suite/0.98.2
- version/quagga routing software suite/0.97.1
- version/quagga routing software suite/0.97.0
- version/quagga routing software suite/0.96.2
- version/quagga routing software suite/0.99.1
- version/quagga routing software suite/0.97.2
- version/quagga routing software suite/0.96