Bug 1542972 – CVE-2018-5378 quagga: bgpd does not properly bounds check the data sent with a NOTIFY allowing leak of sensitive data or crash

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1542972 - (CVE-2018-5378) CVE-2018-5378 quagga: bgpd does not properly bounds check the data sent with a NOTIFY allowing leak of sensitive data or crash

Summary:	CVE-2018-5378 quagga: bgpd does not properly bounds check the data sent with ...

Status:	NEW

Aliases:	CVE-2018-5378

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20180215,repor...
Keywords:	Security

Depends On:	1546010 1546009
Blocks:	1543001
	Show dependency tree / graph

Reported:	2018-02-07 08:41 EST by Adam Mariš
Modified:	2018-02-18 19:00 EST (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	quagga 1.2.3
Doc Type:	If docs needed, set a value
Doc Text:	An out-of-bounds read vulnerability was discovered in Quagga. A BGP peer could send a specially crafted message which would cause Quagga to read out of bounds, potentially causing a crash or disclosure of up to 64KB process memory to the peer.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Upstream patch (2.77 KB, patch) 2018-02-07 09:24 EST, Adam Mariš	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Adam Mariš 2018-02-07 08:41:14 EST

The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash.

Affected versions: 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2

Comment 1 Adam Mariš 2018-02-07 08:41:17 EST

Acknowledgments:

Name: the Quagga project

Comment 2 Adam Mariš 2018-02-07 09:24 EST

Created attachment 1392686 [details]
Upstream patch

Comment 3 Doran Moppert 2018-02-12 23:15:39 EST

External References:

https://www.quagga.net/security/Quagga-2018-0543.txt

Comment 4 Doran Moppert 2018-02-12 23:53:38 EST

Statement:

This vulnerability affects Quagga versions after 1.1.0. Versions 0.99.x, included with Red Hat Enterprise Linux, are not affected by this issue.

Comment 5 Doran Moppert 2018-02-15 23:37:20 EST

Created quagga tracking bugs for this issue:

Affects: fedora-all [bug 1546009]

Note You need to log in before you can comment on or make changes to this bug.