Vulnerabilities > CVE-2013-6051 - Unspecified vulnerability in Quagga 0.99.21
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN quagga
nessus
Summary
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-279.NASL description The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update. last seen 2020-06-01 modified 2020-06-02 plugin id 72297 published 2014-02-05 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72297 title Amazon Linux AMI : quagga (ALAS-2014-279) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-279. # include("compat.inc"); if (description) { script_id(72297); script_version("1.4"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2013-6051"); script_xref(name:"ALAS", value:"2014-279"); script_name(english:"Amazon Linux AMI : quagga (ALAS-2014-279)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-279.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update quagga' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:quagga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:quagga-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:quagga-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:quagga-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"quagga-0.99.21-6.12.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"quagga-contrib-0.99.21-6.12.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"quagga-debuginfo-0.99.21-6.12.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"quagga-devel-0.99.21-6.12.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "quagga / quagga-contrib / quagga-debuginfo / quagga-devel"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-23504.NASL description Fix for CVE-2013-6051 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-12-27 plugin id 71638 published 2013-12-27 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71638 title Fedora 18 : quagga-0.99.21-6.fc18 (2013-23504) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-23504. # include("compat.inc"); if (description) { script_id(71638); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-6051"); script_bugtraq_id(63937); script_xref(name:"FEDORA", value:"2013-23504"); script_name(english:"Fedora 18 : quagga-0.99.21-6.fc18 (2013-23504)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix for CVE-2013-6051 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1043370" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125130.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?15d0954b" ); script_set_attribute( attribute:"solution", value:"Update the affected quagga package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:quagga"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"quagga-0.99.21-6.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "quagga"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2803.NASL description Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon : - CVE-2013-2236 A buffer overflow was found in the OSPF API-server (exporting the LSDB and allowing announcement of Opaque-LSAs). - CVE-2013-6051 bgpd could be crashed through BGP updates. This only affects Wheezy/stable. last seen 2020-03-17 modified 2013-11-27 plugin id 71097 published 2013-11-27 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71097 title Debian DSA-2803-1 : quagga - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2803. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(71097); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-2236", "CVE-2013-6051"); script_bugtraq_id(60955); script_xref(name:"DSA", value:"2803"); script_name(english:"Debian DSA-2803-1 : quagga - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon : - CVE-2013-2236 A buffer overflow was found in the OSPF API-server (exporting the LSDB and allowing announcement of Opaque-LSAs). - CVE-2013-6051 bgpd could be crashed through BGP updates. This only affects Wheezy/stable." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726724" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-2236" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-6051" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/quagga" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/quagga" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2013/dsa-2803" ); script_set_attribute( attribute:"solution", value: "Upgrade the quagga packages. For the oldstable distribution (squeeze), these problems have been fixed in version 0.99.20.1-0+squeeze5. For the stable distribution (wheezy), these problems have been fixed in version 0.99.22.4-1+wheezy1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:quagga"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"quagga", reference:"0.99.20.1-0+squeeze5")) flag++; if (deb_check(release:"6.0", prefix:"quagga-dbg", reference:"0.99.20.1-0+squeeze5")) flag++; if (deb_check(release:"6.0", prefix:"quagga-doc", reference:"0.99.20.1-0+squeeze5")) flag++; if (deb_check(release:"7.0", prefix:"quagga", reference:"0.99.22.4-1+wheezy1")) flag++; if (deb_check(release:"7.0", prefix:"quagga-dbg", reference:"0.99.22.4-1+wheezy1")) flag++; if (deb_check(release:"7.0", prefix:"quagga-doc", reference:"0.99.22.4-1+wheezy1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Misc. NASL id QUAGGA_0_99_22.NASL description According to its self-reported version number, the installation of Quagga last seen 2020-06-01 modified 2020-06-02 plugin id 71536 published 2013-12-19 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71536 title Quagga 0.99.21 bgp_attr.c BGP Update DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(71536); script_version("1.6"); script_cvs_date("Date: 2019/11/27"); script_cve_id("CVE-2013-6051"); script_bugtraq_id(63937); script_name(english:"Quagga 0.99.21 bgp_attr.c BGP Update DoS"); script_summary(english:"Checks the version of Quagga"); script_set_attribute(attribute:"synopsis", value: "The remote service may be affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the installation of Quagga's BGP daemon listening on the remote host is affected by a denial of service vulnerability. This issue exists due to a failure to properly initialize the packet's total size variable in the 'bgp_attr.c' source file. Normal, valid BGP update messages can trigger this issue."); script_set_attribute(attribute:"see_also", value:"https://savannah.nongnu.org/forum/forum.php?forum_id=7501"); # http://savannah.spinellicreations.com//quagga/quagga-0.99.22.changelog.txt script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11e41901"); # http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4828438"); script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513"); script_set_attribute(attribute:"solution", value: "Upgrade to version 0.99.22 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6051"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/26"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/19"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:quagga:quagga"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("quagga_zebra_detect.nasl"); script_require_keys("Quagga/Installed", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); app = "Quagga Zebra"; kb = "Quagga/"; port = get_kb_item_or_exit(kb + "Installed"); kb += port + "/"; banner = get_kb_item_or_exit(kb + "Banner"); ver = get_kb_item_or_exit(kb + "Version"); if (ver !~ "^\d+(\.\d+)*$") audit(AUDIT_NONNUMERIC_VER, app, port, ver); if (report_paranoia < 2) audit(AUDIT_PARANOID); if (ver == "0.99.21") { fix = "0.99.22"; if (report_verbosity > 0) { report = '\n Version source : ' + banner + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port); } else audit(AUDIT_LISTEN_NOT_VULN, app, port, ver);