Your message dated Sun, 12 Nov 2017 13:05:28 +0000
with message-id <e1edrx2-0001fy...@fasolo.debian.org>
and subject line Bug#879474: fixed in quagga 1.2.2-1
has caused the Debian Bug report #879474,
regarding quagga-bgpd: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: quagga-bgpd
Version: 1.1.1-3
Severity: important
Tags: security upstream

Dear Maintainer,

there is a longstanding bug in quagga where certain BGP update messages
cause a quagga bgpd to drop a session, possibly resulting in loss of
network connectivity.


Details:

Long paths in update messages are segmented in BGP, and the bug is in
the recalculation of the framing information if there are more than two
segments. The resulting data is invalid but will be used for
redistribution. At least if the receiver is another quagga bgpd, that
message is rejected, eventually resulting in a BGP session termination.

The receiver's log (if written) contains an error message like
| BGP: 172.23.97.181: BGP type 2 length 3074 is too large, attribute total length is 2069.  attr_endp is 0x562feb368121.  endp is 0x562feb367d2c
then.

So if a site's BGP peers all run quagga, that site will lose network
connectivity due to frequent session termination. Additionally, the
repeated initial full table transfer will result in a significantly
bigger network load, I've seen around 1 MByte/sec/link, compared to
usually less than 1 kbyte/sec/link.

Such extremely long AS paths have occurred in the global BGP table at
least four times since June. Last time started on Oct 13th around 20:43
UTC and lasted until the following week.

All versions of quagga in Debian are affected.


How to fix:

Kudos to Andreas Jaggi who identified the bug and provided a fix[1].
After some hours of work I was able to reproduce the issue and can
confirm this patch resolves the issues for all versions of quagga in
Debian (wheezy, jessie, stretch = buster = sid). Details about the
setup available upon request, it's just some stuff to write down.


In my opinion this is serious enough to justify a security upload. If
stable security disagrees, please fix this in the next stable point
release.

Regards,
    Christoph

[1] https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
    http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008



--- End Message ---
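The report above describes AS paths long enough to be split into several AS_PATH segments, and a sender that miscomputes the attribute's framing so that the receiving bgpd rejects the update with the "length ... is too large" message. The Python below is an added example, not code from quagga or from the report's author: it builds a correctly segmented AS_PATH attribute (RFC 4271 framing: 255-ASN segment limit, one- or two-octet length field with the Extended Length flag) and runs the receiver-side check that any BGP parser has to apply before trusting an attribute's length field. The 600-ASN path and the wrong length field used in `demo()` are constructed for illustration; the particular miscount that quagga made is not reproduced here, only the framing mismatch it leads to.

```python
"""Added example (not quagga's code): AS_PATH segmentation, attribute framing,
and the receiver-side length check behind the log line quoted in the report
(BGP attribute type 2 is AS_PATH). Constants follow RFC 4271; the path and the
bad length field in demo() are constructed."""
import struct

AS_PATH_TYPE = 2        # path attribute type code: AS_PATH
AS_SEQUENCE = 2         # AS_PATH segment type: ordered sequence
MAX_SEGMENT_ASNS = 255  # segment length is one octet, so long paths need several segments
FLAG_TRANSITIVE = 0x40
FLAG_EXT_LENGTH = 0x10  # attribute length field is two octets instead of one


def encode_as_path(asns, as4=True):
    """Encode an ordered AS list as the AS_PATH attribute value, split into
    AS_SEQUENCE segments of at most 255 ASNs each."""
    fmt = ">I" if as4 else ">H"
    out = bytearray()
    for i in range(0, len(asns), MAX_SEGMENT_ASNS):
        chunk = asns[i:i + MAX_SEGMENT_ASNS]
        out += bytes([AS_SEQUENCE, len(chunk)])
        for asn in chunk:
            out += struct.pack(fmt, asn)
    return bytes(out)


def frame_attribute(type_code, value, flags=FLAG_TRANSITIVE, claimed_length=None):
    """Prepend the attribute header. The length field is len(value) unless
    claimed_length overrides it (used here only to build a mis-framed attribute).
    Lengths over 255 need the Extended Length flag and a two-octet field."""
    length = len(value) if claimed_length is None else claimed_length
    if length > 255:
        return bytes([flags | FLAG_EXT_LENGTH, type_code]) + struct.pack(">H", length) + value
    return bytes([flags & ~FLAG_EXT_LENGTH, type_code, length]) + value


def check_attribute_framing(attrs):
    """Walk a path-attributes blob before trusting any length in it: each
    attribute's declared end must lie inside the blob. Returns (ok, message);
    the failure message has the shape of the one in the report."""
    total = len(attrs)
    off = 0
    while off < total:
        if total - off < 3:
            return False, "truncated attribute header at offset %d" % off
        flags, type_code = attrs[off], attrs[off + 1]
        if flags & FLAG_EXT_LENGTH:
            if total - off < 4:
                return False, "truncated extended-length header at offset %d" % off
            length, hdr = struct.unpack(">H", attrs[off + 2:off + 4])[0], 4
        else:
            length, hdr = attrs[off + 2], 3
        attr_endp = off + hdr + length
        if attr_endp > total:
            return False, ("BGP type %d length %d is too large, attribute total length is %d"
                           % (type_code, length, total))
        off = attr_endp
    return True, "ok"


def decode_as_path(value, as4=True):
    """Parse AS_PATH segments back into a flat AS list, checking that each
    segment fits. Returns (asns, number_of_segments)."""
    fmt = ">I" if as4 else ">H"
    width = 4 if as4 else 2
    asns, nseg, off = [], 0, 0
    while off < len(value):
        if len(value) - off < 2:
            raise ValueError("truncated segment header at offset %d" % off)
        seg_type, count = value[off], value[off + 1]
        off += 2
        if seg_type != AS_SEQUENCE:
            raise ValueError("unsupported segment type %d" % seg_type)
        if count == 0 or len(value) - off < count * width:
            raise ValueError("segment of %d ASNs does not fit in attribute" % count)
        for _ in range(count):
            asns.append(struct.unpack(fmt, value[off:off + width])[0])
            off += width
        nseg += 1
    return asns, nseg


def demo():
    """Constructed 600-ASN path: long enough for three segments, i.e. the
    'more than two segments' case from the report. Returns the check results
    for a correctly framed copy and for one whose length field is wrong."""
    path = [64512 + (i % 1000) for i in range(600)]
    value = encode_as_path(path)
    asns, nseg = decode_as_path(value)
    good = frame_attribute(AS_PATH_TYPE, value)
    bad = frame_attribute(AS_PATH_TYPE, value, claimed_length=len(value) + 1005)
    return {
        "segments": nseg,
        "roundtrip_ok": asns == path,
        "good": check_attribute_framing(good),
        "bad": check_attribute_framing(bad),
    }
```

Running `demo()` reports three segments, a clean round trip, `(True, "ok")` for the correctly framed attribute, and `(False, "BGP type 2 length 3411 is too large, attribute total length is 2410")` for the mis-framed one. The point for a receiver is that the attribute length must be checked against the remaining bytes before anything is read from the value, and for a sender that the length field has to be recomputed from the final segmented encoding rather than from the pre-segmentation path length.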
--- Begin Message ---
Source: quagga
Source-Version: 1.2.2-1

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Leggett <sc...@sl.id.au> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 05 Nov 2017 22:11:44 +1100
Source: quagga
Binary: quagga quagga-core quagga-doc quagga-bgpd quagga-isisd quagga-ospf6d quagga-ospfd quagga-pimd quagga-ripd quagga-ripngd
Architecture: source amd64 all
Version: 1.2.2-1
Distribution: unstable
Urgency: medium
Maintainer: Scott Leggett <sc...@sl.id.au>
Changed-By: Scott Leggett <sc...@sl.id.au>
Description:
 quagga     - network routing daemons (metapackage)
 quagga-bgpd - BGP4/BGP4+ routing daemon
 quagga-core - network routing daemons (core abstraction layer)
 quagga-doc - network routing daemons (documentation)
 quagga-isisd - IS-IS routing daemon
 quagga-ospf6d - OSPF6 routing daemon
 quagga-ospfd - OSPF routing daemon
 quagga-pimd - PIM routing daemon
 quagga-ripd - RIPv1 routing daemon
 quagga-ripngd - RIPng routing daemon
Closes: 847106 857187 879474 879971 880522
Changes:
 quagga (1.2.2-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #879474, #857187).
   * Rework patches to apply against new upstream version.
   * Change zebra daemon GID to allow writing to /run/quagga (Closes: #880522).
   * Change group permissions on Quagga.conf (Closes: #847106).
   * Add missing build-dep on libc-ares-dev.
   * Add patch for documentation fixes (Closes: #879971).
Checksums-Sha1:
 5b4a661ac8edd5a477014716bb6bec090809926d 2593 quagga_1.2.2-1.dsc
 5aad3aca1ba179af6b70ba18afbc9c11c0b2f32b 2231866 quagga_1.2.2.orig.tar.gz
 34dfccf71682e6a950b178757ebc2a661c1411d9 32788 quagga_1.2.2-1.debian.tar.xz
 60ca22e2da4d8e5a3c394714595c0c18851587db 716852 quagga-bgpd-dbgsym_1.2.2-1_amd64.deb
 0b438bdda2b4343071ea081b9a91b4e224dca322 255440 quagga-bgpd_1.2.2-1_amd64.deb
 bc60b8df14bb2846aed8996eb0045fac2fe80c76 1385280 quagga-core-dbgsym_1.2.2-1_amd64.deb
 8ffd0137b2bba9a6ffa142926571e39e88fbf299 540488 quagga-core_1.2.2-1_amd64.deb
 e2b48cbaaefdaeed7180f41ec8b60e85d52468cd 884596 quagga-doc_1.2.2-1_all.deb
 d9b4e211a45067366fdcab770f8d87ed8ed76807 324600 quagga-isisd-dbgsym_1.2.2-1_amd64.deb
 98a1b03c1cf6a520e454c3850274fcfce3bd1370 125052 quagga-isisd_1.2.2-1_amd64.deb
 59678891ba7147ae6b6eeb918ecc6c223a917b8b 300800 quagga-ospf6d-dbgsym_1.2.2-1_amd64.deb
 8a6166edcac4295c66201bad2a27851031a1f544 123248 quagga-ospf6d_1.2.2-1_amd64.deb
 99aa06696f5d8077d5e00f8f9e355456da7d373b 22924 quagga-ospfd-dbgsym_1.2.2-1_amd64.deb
 8c01c62bd7492478030d9912f1a848b491fb14b2 31696 quagga-ospfd_1.2.2-1_amd64.deb
 fbba52f3fc61833a2e2216bb9b6bc58e18d0284b 283720 quagga-pimd-dbgsym_1.2.2-1_amd64.deb
 31661bd5197410867bffc3f76178fd537d81878a 112076 quagga-pimd_1.2.2-1_amd64.deb
 9c8243e5f9a2576b76e9361cd91cd46182eb7b58 123628 quagga-ripd-dbgsym_1.2.2-1_amd64.deb
 5ce9ef25a407798b121fd687a3849ebe44c28a0b 64368 quagga-ripd_1.2.2-1_amd64.deb
 7b39b50ce18d0e76d2f7951db1ec4bb2a492d623 108260 quagga-ripngd-dbgsym_1.2.2-1_amd64.deb
 fc944a8014f3c9c58cd34fbec15cd6c6302ed40b 56640 quagga-ripngd_1.2.2-1_amd64.deb
 4d280cd89ec207150362036da45d8a45df9aef18 14094 quagga_1.2.2-1_amd64.buildinfo
 d63e647a9fd4eca5d9ced152b31bc3569526a37a 23020 quagga_1.2.2-1_amd64.deb
Checksums-Sha256:
 2e97f0ae5b81b5a1f1092f454510f5e1bdc538d8f4921e5ac4b337af3709cc5e 2593 quagga_1.2.2-1.dsc
 475bd3ccef6c20839d70b82e22b33ee521759aee6249511bff4cbf1b9669e06b 2231866 quagga_1.2.2.orig.tar.gz
 53296f89b408dab8e1687c2ac8b9a4ebb4d84210d5f59ed17521d2c0f017c415 32788 quagga_1.2.2-1.debian.tar.xz
 2a0ea84db6fb60a65d69c942e56f1cb05e3e4b0ee8ef29a7a00f0108cbbf1647 716852 quagga-bgpd-dbgsym_1.2.2-1_amd64.deb
 4204150052a2806b679ffe89d0de0038e375a293575d3024dc5bed5be38f3651 255440 quagga-bgpd_1.2.2-1_amd64.deb
 c2e43ce27ae32bd917a67470c917f9a51bdb624336c9dd3853a78bd891a56987 1385280 quagga-core-dbgsym_1.2.2-1_amd64.deb
 e78d2ec10759daa2a861131e444bb83f8a9ff24fef14b78cecc2dffc9bf88473 540488 quagga-core_1.2.2-1_amd64.deb
 604fb59cc39cef9d41d6352b08791350c5c4abeded79ad50a36f66b363ef1583 884596 quagga-doc_1.2.2-1_all.deb
 8a161d03516ee39ca1720221ea2a0477e45cf19fcf0318514d598da8939e8ea6 324600 quagga-isisd-dbgsym_1.2.2-1_amd64.deb
 58c7bb6836337aaaa3a675dc22d4082f9508fb772d8f14105f034717515f1640 125052 quagga-isisd_1.2.2-1_amd64.deb
 8572d18a940156038b2f3ef512753cde594457d5ad8694ae39266193889a5244 300800 quagga-ospf6d-dbgsym_1.2.2-1_amd64.deb
 3ca8f400cc2b0e9735ce56bfe11624ca4fa3a174641ac1362c24e0978aa22787 123248 quagga-ospf6d_1.2.2-1_amd64.deb
 3f9559743b3e0a05f487559bf1af8c8157d0ad2f85ae7ea478340b469213d967 22924 quagga-ospfd-dbgsym_1.2.2-1_amd64.deb
 9c12b434c21daeefcc0309e450a2dd1941b216205444c127968ac9b642780307 31696 quagga-ospfd_1.2.2-1_amd64.deb
 07ee72615d4503837ecf1e6fadb0333758513674cf02dfeb65ea7de16286e329 283720 quagga-pimd-dbgsym_1.2.2-1_amd64.deb
 790e42c9cefb0db33b0621ef06cd1207fe65034174b33650992e76c20bbf3aa9 112076 quagga-pimd_1.2.2-1_amd64.deb
 c9c2928790744dfdc5e1eb0862ee555e2577280c02c6b81bf8db56383c808a40 123628 quagga-ripd-dbgsym_1.2.2-1_amd64.deb
 d935d1206d349be8815e9acdb7fd807f831d566bf53ce7f2acb0d1a834117dbe 64368 quagga-ripd_1.2.2-1_amd64.deb
 bc173c54dbc9b02839fcc33f59f786287fe93d172ca50b67e7760a8007c07825 108260 quagga-ripngd-dbgsym_1.2.2-1_amd64.deb
 f4296c1d2f17d54deb8e99699b0f81d7bdfa04a464ad2e85078f971c5b572751 56640 quagga-ripngd_1.2.2-1_amd64.deb
 a6d9218cf3c335150f5134a23bb23288d6c7969657527ad317677a365004d32d 14094 quagga_1.2.2-1_amd64.buildinfo
 220e97097547e9ef17d478c9ae72ab1c8be833d45b1e05f5e8015cffb7f0362e 23020 quagga_1.2.2-1_amd64.deb
Files:
 df4ad21254d75a416bb1ad16be726d97 2593 net optional quagga_1.2.2-1.dsc
 3b04d0343c87229328c45978a4c599ba 2231866 net optional quagga_1.2.2.orig.tar.gz
 1b05633a8e916215300e9cadf168b6ff 32788 net optional quagga_1.2.2-1.debian.tar.xz
 81e8e0439eb9b8d79df2f14f129aea2b 716852 debug optional quagga-bgpd-dbgsym_1.2.2-1_amd64.deb
 2f18f90b7b4ba5f478ddbe22720c37bc 255440 net optional quagga-bgpd_1.2.2-1_amd64.deb
 422c10276a00c03184cb00ee2c6ce55f 1385280 debug optional quagga-core-dbgsym_1.2.2-1_amd64.deb
 d0b4be0f3158869745b8981c9832cf8b 540488 net optional quagga-core_1.2.2-1_amd64.deb
 8d0df6ee3a406200b76f39157fac25a4 884596 doc optional quagga-doc_1.2.2-1_all.deb
 d456d99588f42c28dbf76a97aa1219d1 324600 debug optional quagga-isisd-dbgsym_1.2.2-1_amd64.deb
 b906e8988abaae1d284fd0d551d4c84a 125052 net optional quagga-isisd_1.2.2-1_amd64.deb
 37cf06f5068068820fc56000b495a0ed 300800 debug optional quagga-ospf6d-dbgsym_1.2.2-1_amd64.deb
 71ccde1c3495c077cc34d1da16860fe7 123248 net optional quagga-ospf6d_1.2.2-1_amd64.deb
 bff79dc86d4dd559fdbeb9d91f618e63 22924 debug optional quagga-ospfd-dbgsym_1.2.2-1_amd64.deb
 98ca5d7607d740d6d8ebf1aeadfbfc97 31696 net optional quagga-ospfd_1.2.2-1_amd64.deb
 df2a41467110095b43f77d5a777da235 283720 debug optional quagga-pimd-dbgsym_1.2.2-1_amd64.deb
 f1fb4308c8ddca35c52fa02c18096587 112076 net optional quagga-pimd_1.2.2-1_amd64.deb
 232d1bb4974d1ff61c9b0bceba5c1ba5 123628 debug optional quagga-ripd-dbgsym_1.2.2-1_amd64.deb
 22837ccdc91d22da1603c84180683105 64368 net optional quagga-ripd_1.2.2-1_amd64.deb
 d2bc1b58750d01facb8fa1651306003a 108260 debug optional quagga-ripngd-dbgsym_1.2.2-1_amd64.deb
 568a7d3aa7b7592740ba13e098f38ade 56640 net optional quagga-ripngd_1.2.2-1_amd64.deb
 ebb70a02a2550b48e41c3e1a6b2edc0a 14094 net optional quagga_1.2.2-1_amd64.buildinfo
 d7f24d6163f769b25a85a04d59899b8a 23020 net optional quagga_1.2.2-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
