Quagga bgpd NULL Pointer Dereference Denial of Service Vulnerability

Published: 2010-08-24
Updated: 2010-09-02

Affected systems:
Quagga Quagga Routing Software Suite < 0.99.17
Unaffected systems:
Quagga Quagga Routing Software Suite 0.99.17
Description:
BUGTRAQ  ID: 42642
CVE(CAN) ID: CVE-2010-2949

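Quagga is a routing software suite that implements multiple routing protocols on Unix platforms.

Quagga's bgpd daemon contains a NULL pointer dereference vulnerability in its AS path parsing. A configured BGP peer can crash the daemon by sending a BGP update request that carries an unknown AS type.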

<*Source: Chris Hall
  
  Links: http://secunia.com/advisories/41038/
         https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=626795
         http://permalink.gmane.org/gmane.comp.security.oss.general/3347
         http://www.debian.org/security/2010/dsa-2104
*>
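
The class of check that prevents this kind of crash, as an added example (not Quagga's code and not the vendor patch): validate every AS_PATH segment header and fail closed on an unknown segment type before any per-segment object is built or dereferenced. The function name `aspath_validate` and the status codes are hypothetical; the wire layout and type values assumed are those of RFC 4271 and RFC 5065.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* AS_PATH segment types defined by RFC 4271 and RFC 5065. */
enum { AS_SET = 1, AS_SEQUENCE = 2, AS_CONFED_SEQUENCE = 3, AS_CONFED_SET = 4 };

enum { ASPATH_OK = 0, ASPATH_BAD_TYPE = -1, ASPATH_TRUNCATED = -2,
       ASPATH_EMPTY_SEGMENT = -3, ASPATH_BAD_ARG = -4 };

/* Hypothetical validator (not Quagga code). Walks an AS_PATH attribute value
 * laid out as repeated (type:1, count:1, count * asn_size bytes) segments and
 * rejects the whole attribute before any per-segment object is built.
 * asn_size is 2, or 4 when 4-octet AS numbers are in use. */
int aspath_validate(const uint8_t *buf, size_t len, size_t asn_size,
                    size_t *asns_out)
{
    size_t off = 0, asns = 0;

    if ((buf == NULL && len != 0) || (asn_size != 2 && asn_size != 4))
        return ASPATH_BAD_ARG;
    while (off < len) {
        if (len - off < 2)
            return ASPATH_TRUNCATED;      /* no room for type + count */
        uint8_t type = buf[off], count = buf[off + 1];
        off += 2;
        if (type < AS_SET || type > AS_CONFED_SET)
            return ASPATH_BAD_TYPE;       /* unknown type: fail closed */
        if (count == 0)
            return ASPATH_EMPTY_SEGMENT;  /* zero-length segment */
        if ((len - off) / asn_size < count)
            return ASPATH_TRUNCATED;      /* AS numbers overrun the value */
        off += (size_t)count * asn_size;
        asns += count;
    }
    if (asns_out != NULL)
        *asns_out = asns;                 /* total AS numbers seen */
    return ASPATH_OK;
}

int main(void)
{
    /* Constructed samples: AS_SEQUENCE {64512, 64513}, then type 9 (undefined). */
    const uint8_t good[] = { 2, 2, 0xFC, 0x00, 0xFC, 0x01 };
    const uint8_t unknown[] = { 9, 1, 0xFC, 0x00 };

    printf("good=%d unknown=%d\n", aspath_validate(good, sizeof good, 2, NULL),
           aspath_validate(unknown, sizeof unknown, 2, NULL));
    return 0;
}
```

A caller would treat any non-zero status as a malformed attribute and handle the UPDATE through its normal error path instead of continuing to parse.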

Recommendation:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-2104-1) and corresponding patches for this issue:
DSA-2104-1: New quagga packages fix denial of service
Link: http://www.debian.org/security/2010/dsa-2104

Patch downloads:
Source archives:

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz
Size/MD5 checksum:  2424191 c7a2d92e1c42214afef9b2e1cd4b5d06
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.diff.gz
Size/MD5 checksum:    42826 100dbb936b3b0f0d4fb4947bf384d369
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.dsc
Size/MD5 checksum:     1651 f5b9c26538e9d32008ad0256fe4ad0ed

Architecture independent packages:

http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny3_all.deb
Size/MD5 checksum:   661354 f843c6f765a48f7e071a52d3c7834d2f

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_alpha.deb
Size/MD5 checksum:  1902990 0f85c30d5f719f9c104f5a8977a5d1a0

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_amd64.deb
Size/MD5 checksum:  1749952 89a53689c4daf3f0695ea2c21aa93254

arm architecture (ARM)

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_arm.deb
Size/MD5 checksum:  1449792 3c53e06e4d27ef8cf391533824668b19

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_armel.deb
Size/MD5 checksum:  1457202 e52ae364e20ff137c5e0e5f75bfc1ec1

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_hppa.deb
Size/MD5 checksum:  1683924 c8172ed22b010569949977f407c282b6

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_i386.deb
Size/MD5 checksum:  1608678 e7b5fbd36e4466cdecaca46f1f96642b

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_ia64.deb
Size/MD5 checksum:  2256144 75ebe4e12a3e22ef79e5e3dab2d457bf

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mips.deb
Size/MD5 checksum:  1605990 f33ef3d9b31f0da900aba6a20bdd188d

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mipsel.deb
Size/MD5 checksum:  1601240 68ff751ff9c022cc06db8d0d66895a6e

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_powerpc.deb
Size/MD5 checksum:  1717802 931505a31bdcc1a7732a9a2e9f295a01

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_s390.deb
Size/MD5 checksum:  1794990 7d52667f3f37553256e87b77450dc309

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_sparc.deb
Size/MD5 checksum:  1671232 3706818c39b51bb45c58a0cf8fdba202

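Patch installation:

1. Install the patch package manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then, install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch package automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then, install the updated packages with the following command:
   # apt-get upgrade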

Quagga
------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:

http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100

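This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.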