CVE-2010-2949

Published: 10/09/2010 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

bgpd in Quagga prior to 0.99.17 does not properly parse AS paths, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.

Vulnerable Product

quagga quagga 0.99.11

quagga quagga 0.99.2

quagga quagga 0.97.5

quagga quagga 0.95

quagga quagga 0.98.3

quagga quagga 0.96.3

quagga quagga 0.99.4

quagga quagga 0.99.7

quagga quagga 0.99.14

quagga quagga 0.99.5

quagga quagga 0.96.5

quagga quagga 0.98.0

quagga quagga

quagga quagga 0.96.1

quagga quagga 0.98.1

quagga quagga 0.96.4

quagga quagga 0.98.5

quagga quagga 0.97.3

quagga quagga 0.99.3

quagga quagga 0.99.13

quagga quagga 0.99.6

quagga quagga 0.98.6

quagga quagga 0.97.4

quagga quagga 0.98.4

quagga quagga 0.99.12

quagga quagga 0.98.2

quagga quagga 0.97.1

quagga quagga 0.97.0

quagga quagga 0.96.2

quagga quagga 0.99.9

quagga quagga 0.99.1

quagga quagga 0.97.2

quagga quagga 0.99.15

quagga quagga 0.99.10

quagga quagga 0.99.8

quagga quagga 0.96

Vendor Advisories

Debian Bug report logs - #594262: quagga: Two BGP security problems fixed in 0.99.17. Package: quagga; Maintainer for quagga is Brett Parker <iDunno@sommitrealweird.co.uk>; Source for quagga is src:quagga. Reported by: Christian Hammers <ch@debian.org>. Date: Tue, 24 Aug 2010 23:21:02 UTC. Severity: ...
It was discovered that Quagga incorrectly handled certain Outbound Route Filtering (ORF) records. A remote authenticated attacker could use this flaw to cause a denial of service or potentially execute arbitrary code. The default compiler options for Ubuntu 8.04 LTS and later should reduce the vulnerability to a denial of service. (CVE-2010-2948) ...