Hi,

The text for CVE-2017-5495 submitted to MITRE:

CVE-2017-5495.

[Suggested description]
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default.

The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory.

------------------------------------------

[VulnerabilityType Other]
Unlimited buffer growth without authentication

------------------------------------------

[Additional Information]
Fixed in Quagga 1.1.1

------------------------------------------

[Vendor of Product]
Quagga Routing Software Suite

------------------------------------------

[Affected Product Code Base]
Quagga routing daemons via VTY - 0.93 to 1.1.0.

------------------------------------------

[Affected Component]
VTY interface for all daemons: zebra, ripd, ripngd, ospfd, bgpd, ospf6d, isisd, pimd, ldpd. Through the source file lib/vty.c

------------------------------------------

[Attack Type]
Remote.
Local, where the telnet interface is configured to listen only to localhost, which is the default on distributions such as Debian, CentOS, Fedora and RHEL.
None where the telnet interface has been disabled.

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
Memory exhaustion by sending large buffers of ASCII data without newlines to one or more of TCP ports 2601-2608, 2611, and 2612 (routing daemon VTY ports).
No authentication is required.

------------------------------------------

[Reference]

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Quentin Young <[email protected]>

regards,
--
Paul Jakma | [email protected] | @pjakma | Key ID: 0xD86BF79464A2FF6A
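
The advisory above describes an input buffer that keeps growing until a newline arrives. As an added illustration (not code from Quagga or from this message, and not the fix shipped in 1.1.1), the C below shows a line buffer that checks a cap before it grows; the names linebuf_feed and linebuf_feed_chunk and the 4096-byte limit are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINE_MAX_BYTES 4096 /* assumed cap, not a value from the advisory */

enum feed_result { FEED_OK, FEED_LINE, FEED_TOO_LONG, FEED_NOMEM };
struct linebuf { char *data; size_t len, cap; };

/* Append one received byte; a newline completes the line in b->data. */
static enum feed_result linebuf_feed(struct linebuf *b, char c)
{
    /* Refuse before growing, so a peer that never sends a newline cannot
       push the allocation past the cap. The caller closes the connection. */
    if (c != '\n' && b->len + 1 >= LINE_MAX_BYTES)
        return FEED_TOO_LONG;
    if (b->len + 1 >= b->cap) { /* keep room for this byte plus the NUL */
        size_t ncap = b->cap ? b->cap * 2 : 64;
        if (ncap > LINE_MAX_BYTES) ncap = LINE_MAX_BYTES;
        char *p = realloc(b->data, ncap);
        if (!p) return FEED_NOMEM;
        b->data = p; b->cap = ncap;
    }
    if (c == '\n') { b->data[b->len] = '\0'; return FEED_LINE; }
    b->data[b->len++] = c;
    return FEED_OK;
}

/* Feed a received chunk; stop at the first completed line or error. */
static enum feed_result linebuf_feed_chunk(struct linebuf *b, const char *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        enum feed_result r = linebuf_feed(b, p[i]);
        if (r != FEED_OK) return r;
    }
    return FEED_OK;
}

int main(void)
{
    static char flood[1 << 20]; /* constructed input: 1 MiB, no newline */
    struct linebuf b = {0};
    memset(flood, 'A', sizeof flood);
    enum feed_result r = linebuf_feed_chunk(&b, flood, sizeof flood);
    printf("result=%d len=%zu cap=%zu\n", (int)r, b.len, b.cap);
    free(b.data);
    return r == FEED_TOO_LONG ? 0 : 1;
}
```

After FEED_LINE the caller consumes b->data and resets b->len to 0; on FEED_TOO_LONG it drops the session, so memory held per unauthenticated connection stays at or below LINE_MAX_BYTES.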
