Vulnerabilities > Quagga
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-04-12 | CVE-2007-1995 | Improper Input Validation vulnerability in Quagga bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | 6.3 |
| 2006-05-10 | CVE-2006-2276 | Resource Management Errors vulnerability in Quagga 0.98.5/0.99.3 bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface. | 4.9 |
| 2006-05-05 | CVE-2006-2224 | Improper Authentication vulnerability in Quagga Routing Software Suite RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. | 5.0 |
| 2006-05-05 | CVE-2006-2223 | Improper Input Validation vulnerability in Quagga 0.98.5/0.99.3 RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. | 5.0 |
| 2003-12-15 | CVE-2003-0859 | The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | 4.9 |
| 2003-12-15 | CVE-2003-0858 | Resource Management Errors vulnerability in multiple products Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | 2.1 |
| 2003-12-15 | CVE-2003-0795 | Improper Input Validation vulnerability in multiple products The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | 5.0 |