* [Sysadmins] Fwd: [SA19910] Quagga RIPd RIPv1 Request Handling Security Issue
@ 2006-05-03 12:29 Michael Shigorin
2006-05-03 14:23 ` Sergey
0 siblings, 1 reply; 2+ messages in thread
From: Michael Shigorin @ 2006-05-03 12:29 UTC
To: sysadmins
Hello.
Who was it here that was praising Quagga? Fix it.
----- Forwarded message from Secunia Security Advisories <sec-adv@secunia.com> -----
TITLE:
Quagga RIPd RIPv1 Request Handling Security Issue
SECUNIA ADVISORY ID:
SA19910
VERIFY ADVISORY:
http://secunia.com/advisories/19910/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Exposure of system information
WHERE:
From local network
SOFTWARE:
Quagga 0.x
http://secunia.com/product/4731/
DESCRIPTION:
Konstantin V. Gavrilenko has reported two security issues in Quagga,
which can be exploited by malicious people to bypass certain security
restrictions and to disclose system information.
1) An error in RIPd causes RIPv1 RESPONSE packets to be accepted for
routing state update, even when RIPv2 authentication has been
enabled. This can potentially be exploited to inject a malicious route
into the RIP daemon.
2) An error in RIPd causes it to respond to RIPv1 SEND UPDATE
requests and to send out routing table information, even when RIPv2
authentication has been enabled. This can potentially be exploited to
obtain route information.
The security issues have been reported in 0.98.3 and 0.99.5. Other
versions may also be affected.
SOLUTION:
The security issues have been fixed in the CVS repositories.
PROVIDED AND/OR DISCOVERED BY:
Konstantin V. Gavrilenko
ORIGINAL ADVISORY:
http://bugzilla.quagga.net/show_bug.cgi?id=261
http://bugzilla.quagga.net/show_bug.cgi?id=262
----- End forwarded message -----
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
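The check whose absence the advisory describes, as an added example (not code from this thread or from Quagga): with authentication required, RIPv1 packets, which have no authentication entry, are refused for both REQUEST and RESPONSE, and RIPv2 packets must begin with one. The function name, verdict names and sample datagrams are assumptions made for illustration; verifying the password or digest itself is out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RIP packet layout: 4-byte header (command, version, zero), 20-byte entries. */
enum { RIP_HDR = 4, RIP_ENTRY = 20, RIP_MAX_ENTRIES = 25,
       RIP_REQUEST = 1, RIP_RESPONSE = 2 };
enum rip_verdict { RIP_OK, RIP_MALFORMED, RIP_V1_REFUSED, RIP_NO_AUTH };

/* Hypothetical pre-filter: may this datagram reach request/response
 * processing at all? It does not validate the credential itself. */
enum rip_verdict rip_prefilter(const uint8_t *p, size_t len, int auth_required)
{
    if (len < RIP_HDR + RIP_ENTRY || len > RIP_HDR + RIP_MAX_ENTRIES * RIP_ENTRY
        || (len - RIP_HDR) % RIP_ENTRY != 0)
        return RIP_MALFORMED;
    if (p[0] != RIP_REQUEST && p[0] != RIP_RESPONSE)
        return RIP_MALFORMED;
    if (p[1] != 1 && p[1] != 2)
        return RIP_MALFORMED;
    if (!auth_required)
        return RIP_OK;
    /* RIPv1 cannot carry authentication, so with authentication enabled
     * neither its REQUESTs (table disclosure) nor its RESPONSEs (route
     * updates) may be processed. */
    if (p[1] == 1)
        return RIP_V1_REFUSED;
    /* RIPv2: the first entry must be the authentication entry (AFI 0xFFFF). */
    if (p[RIP_HDR] != 0xFF || p[RIP_HDR + 1] != 0xFF)
        return RIP_NO_AUTH;
    return RIP_OK;
}

/* Constructed sample datagrams (not captured traffic); unset bytes are zero. */
static const uint8_t v1_response[24] = { RIP_RESPONSE, 1, 0, 0, 0, 2 };
static const uint8_t v1_request[24]  = { RIP_REQUEST, 1 };
static const uint8_t v2_plain[24]    = { RIP_RESPONSE, 2, 0, 0, 0, 2 };
static const uint8_t v2_auth[44]     = { RIP_RESPONSE, 2, 0, 0, 0xFF, 0xFF, 0, 2 };

int main(void)
{
    printf("v1 response, auth on: %d\n", rip_prefilter(v1_response, sizeof v1_response, 1));
    printf("v1 request,  auth on: %d\n", rip_prefilter(v1_request, sizeof v1_request, 1));
    printf("v2 no auth,  auth on: %d\n", rip_prefilter(v2_plain, sizeof v2_plain, 1));
    printf("v2 with auth entry:   %d\n", rip_prefilter(v2_auth, sizeof v2_auth, 1));
    return 0;
}
```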
* Re: [Sysadmins] Fwd: [SA19910] Quagga RIPd RIPv1 Request Handling Security Issue
2006-05-03 12:29 [Sysadmins] Fwd: [SA19910] Quagga RIPd RIPv1 Request Handling Security Issue Michael Shigorin
@ 2006-05-03 14:23 ` Sergey
0 siblings, 0 replies; 2+ messages in thread
From: Sergey @ 2006-05-03 14:23 UTC
To: sysadmins
On Wednesday 03 May 2006 17:29, Michael Shigorin wrote:
> Hello.
> Who was it here that was praising Quagga? Fix it.
> ----- Forwarded message from Secunia Security Advisories <sec-adv@secunia.com> -----
>
> TITLE:
> Quagga RIPd RIPv1 Request Handling Security Issue
Actually, that is a fairly old part. It would be worth checking Zebra too...
I'll rebuild from CVS today/tomorrow.
--
Regards, Sergey
a_s_y@sama.ru
PS: by the way, I wonder, does anyone still use RIP widely at all?