Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Zebra | Gnu | * | 0.91 (including) |
| Quagga_routing_software_suite | Quagga | * | 0.95 (including) |
| Red Hat Enterprise Linux 3 | RedHat | quagga-0:0.96.2-8.3E | * |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Linux 7.2 | RedHat | * | |
| Red Hat Linux 7.3 | RedHat | * | |
| Red Hat Linux 8.0 | RedHat | * | |
| Red Hat Linux 9 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
| Quagga | Ubuntu | dapper | * |
| Quagga | Ubuntu | devel | * |
| Quagga | Ubuntu | edgy | * |
| Quagga | Ubuntu | feisty | * |
References
- http://secunia.com/advisories/10563
- http://www.debian.org/security/2004/dsa-415
- http://www.redhat.com/support/errata/RHSA-2003-305.html
- http://www.redhat.com/support/errata/RHSA-2003-307.html
- http://www.redhat.com/support/errata/RHSA-2003-315.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169
- http://secunia.com/advisories/10563
- http://www.debian.org/security/2004/dsa-415
- http://www.redhat.com/support/errata/RHSA-2003-305.html
- http://www.redhat.com/support/errata/RHSA-2003-307.html
- http://www.redhat.com/support/errata/RHSA-2003-315.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169