Debian Bug report logs - #366980
CVE-2006-2276: bgpd denial of service in bgpd telnet interface

Package: quagga; Maintainer for quagga is Christian Hammers <ch@debian.org>; Source for quagga is src:quagga.

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Fri, 12 May 2006 16:18:11 UTC

Severity: important

Tags: fixed, security

Fixed in version quagga/0.99.4-1

Done: Christian Hammers <ch@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Christian Hammers <ch@debian.org>:
Bug#366980; Package quagga. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Christian Hammers <ch@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-2276: bgpd denial of service in bgpd telnet interface
Date: Fri, 12 May 2006 18:03:35 +0200
Package: quagga
Severity: important
Tags: security

CVE-2006-2276:
bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to
cause a denial of service (CPU consumption) via a certain sh ip bgp
command entered in the telnet interface.

See
http://www.quagga.net/news2.php?y=2006&m=5&d=4#id1146764580



Reply sent to Christian Hammers <ch@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 366980-close@bugs.debian.org (full text, mbox):

From: Christian Hammers <ch@debian.org>
To: 366980-close@bugs.debian.org
Subject: Bug#366980: fixed in quagga 0.99.4-1
Date: Sat, 13 May 2006 14:34:02 -0700
Source: quagga
Source-Version: 0.99.4-1

We believe that the bug you reported is fixed in the latest version of
quagga, which is due to be installed in the Debian FTP archive:

quagga-doc_0.99.4-1_all.deb
  to pool/main/q/quagga/quagga-doc_0.99.4-1_all.deb
quagga_0.99.4-1.diff.gz
  to pool/main/q/quagga/quagga_0.99.4-1.diff.gz
quagga_0.99.4-1.dsc
  to pool/main/q/quagga/quagga_0.99.4-1.dsc
quagga_0.99.4-1_amd64.deb
  to pool/main/q/quagga/quagga_0.99.4-1_amd64.deb
quagga_0.99.4.orig.tar.gz
  to pool/main/q/quagga/quagga_0.99.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 366980@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hammers <ch@debian.org> (supplier of updated quagga package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 13 May 2006 19:54:40 +0200
Source: quagga
Binary: quagga quagga-doc
Architecture: source amd64 all
Version: 0.99.4-1
Distribution: unstable
Urgency: low
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Christian Hammers <ch@debian.org>
Description: 
 quagga     - unoff. successor of the Zebra BGP/OSPF/RIP routing daemon
 quagga-doc - documentation files for quagga
Closes: 366980
Changes: 
 quagga (0.99.4-1) unstable; urgency=low
 .
   * New upstream release to fix a security problem in the telnet interface
     of the BGP daemon which could be used for DoS attacks (CVE-2006-2276).
     Closes: 366980
Files: 
 a09089020497056069bad7b893732131 752 net optional quagga_0.99.4-1.dsc
 a75d3f5ed0b3354274c28d195e3f6479 2207774 net optional quagga_0.99.4.orig.tar.gz
 9699db4e06a58a7fc6f930363b8857c3 27252 net optional quagga_0.99.4-1.diff.gz
 dc614819d075ac71c2df2c8c429301e8 524832 net optional quagga-doc_0.99.4-1_all.deb
 6d959a54974636421aec36168f3dcb0c 1410394 net optional quagga_0.99.4-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iEYEARECAAYFAkRmTPIACgkQkR9K5oahGObhPQCgylx7gSH4WRFUmTNfDHupndJN
PWUAn1CtQ1FSj5v0HWUUUPQUMOXWmtnf
=roSo
-----END PGP SIGNATURE-----




Tags added: fixed Request was from Martin Schulze <joey@infodrom.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 18:05:26 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 11:55:52 2014; Machine Name: beach.debian.org
