Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2006-2276: bgpd denial of service in bgpd telnet interface

Related Vulnerabilities: CVE-2006-2276  

Source

Debian Bug report logs - #366980
CVE-2006-2276: bgpd denial of service in bgpd telnet interface

version graph

Package: quagga; Maintainer for quagga is Brett Parker <iDunno@sommitrealweird.co.uk>; Source for quagga is src:quagga (PTS, buildd, popcon).

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Fri, 12 May 2006 16:18:11 UTC

Severity: important

Tags: fixed, security

Fixed in version quagga/0.99.4-1

Done: Christian Hammers <ch@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Christian Hammers <ch@debian.org>:
Bug#366980; Package quagga. (full text, mbox, link).

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Christian Hammers <ch@debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-2276: bgpd denial of service in bgpd telnet interface
Date: Fri, 12 May 2006 18:03:35 +0200
Package: quagga
Severity: important
Tags: security

CVE-2006-2276:
bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to
cause a denial of service (CPU consumption) via a certain sh ip bgp
command entered in the telnet interface.

See
http://www.quagga.net/news2.php?y=2006&m=5&d=4#id1146764580

Reply sent to Christian Hammers <ch@debian.org>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (full text, mbox, link).

Message #10 received at 366980-close@bugs.debian.org (full text, mbox, reply):

From: Christian Hammers <ch@debian.org>
To: 366980-close@bugs.debian.org
Subject: Bug#366980: fixed in quagga 0.99.4-1
Date: Sat, 13 May 2006 14:34:02 -0700
Source: quagga
Source-Version: 0.99.4-1

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive:

quagga-doc_0.99.4-1_all.deb
  to pool/main/q/quagga/quagga-doc_0.99.4-1_all.deb
quagga_0.99.4-1.diff.gz
  to pool/main/q/quagga/quagga_0.99.4-1.diff.gz
quagga_0.99.4-1.dsc
  to pool/main/q/quagga/quagga_0.99.4-1.dsc
quagga_0.99.4-1_amd64.deb
  to pool/main/q/quagga/quagga_0.99.4-1_amd64.deb
quagga_0.99.4.orig.tar.gz
  to pool/main/q/quagga/quagga_0.99.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 366980@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <ch@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 13 May 2006 19:54:40 +0200
Source: quagga
Binary: quagga quagga-doc
Architecture: source amd64 all
Version: 0.99.4-1
Distribution: unstable
Urgency: low
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description: 
 quagga     - unoff. successor of the Zebra BGP/OSPF/RIP routing daemon
 quagga-doc - documentation files for quagga
Closes: 366980
Changes: 
 quagga (0.99.4-1) unstable; urgency=low
 .
   * New upstream release to fix a security problem in the telnet interface
     of the BGP daemon which could be used for DoS attacks (CVE-2006-2276).
     Closes: 366980
Files: 
 a09089020497056069bad7b893732131 752 net optional quagga_0.99.4-1.dsc
 a75d3f5ed0b3354274c28d195e3f6479 2207774 net optional quagga_0.99.4.orig.tar.gz
 9699db4e06a58a7fc6f930363b8857c3 27252 net optional quagga_0.99.4-1.diff.gz
 dc614819d075ac71c2df2c8c429301e8 524832 net optional quagga-doc_0.99.4-1_all.deb
 6d959a54974636421aec36168f3dcb0c 1410394 net optional quagga_0.99.4-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iEYEARECAAYFAkRmTPIACgkQkR9K5oahGObhPQCgylx7gSH4WRFUmTNfDHupndJN
PWUAn1CtQ1FSj5v0HWUUUPQUMOXWmtnf
=roSo
-----END PGP SIGNATURE-----

Tags added: fixed Request was from Martin Schulze <joey@infodrom.org> to control@bugs.debian.org. (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 18:05:26 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:26:57 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started