Monday May 08, 2006 Random ramblings
Monday May 08, 2006 Quagga 0.98.6 has been released, addressing 3 security issues in ripd and bgpd. Only one tiny additional change over last friday's pre-release, a small ripngd fix. Follow the link for further details. Corresponding 0.99 release still to follow.
( May 08 2006, 08:42:54 PM IST ) Permalink Comments [0]
Thursday May 04, 2006 Quagga 0.98.6 Release Candidate
A snapshot is available of the Quagga 0.98 stable branch, containing fixes for the recently reported RIPv1 vulnerabilities. This is a "Release Candidate" for 0.98.6, testing would be very much appreciated. All the fixes have been tested on their own and/or soaked in the unstable 0.99 series, however the fixes together in this tarball have not been fully tested - stress testing of OSPF virtual-link functionality in particular would be useful.
Changes in the snapshot:
-
Security:
- [ripd] bugs #261,#262: Fix RIPv1 info-leak and unauthenticated route updates
- [ripd] 0.98 specific command changes, allow no-auth to be set
- [bgpd] Fix infinite loop in community_str2com
- [docs] Update ripd docs on version and authentication, see bugs #261,#262
- [doc] Add text on 0.98 specific RIP authentication changes
- Major bugfixes:
-
Minor bugfixes:
- [ospfd] Fix incorrect byte-order conversion of OSPF_MAX_SEQUENCE_NUMBER
- [ospfd] fix rare leak of struct connected, in an error path.
- [ospfd] Make database exchange for NSSA database work
-
Trivial fixes/enhancements:
- [zebra] zebra_rib.c: Fix rib_delete_ipv6() to match routes in the RIB by
- [0.98] Make "show ip ospf neighbor xxx" commands work.
- [redhat] Update spec file with some changes from Fedora spec file
- [lib] 'show route-map' should print call action seperate from exit policy
- [ospfd] Fix failure of Fletcher checksum with certain compilers
- [ospfd] fix undefined effect expression
Many thanks to the many users involved who have reported bugs, helped diagnose them and tested iterations of proposed fixes.
( May 04 2006, 05:41:19 PM IST ) Permalink Comments [0]
Wednesday May 03, 2006 Konstantin V. Gavrilenko of Arhont reported two vulnerabilities in Quagga's ripd daemon.
- An information leak with RIPv1, where ripd will respond to RIPv1 REQUESTs, even where ripd has been configured to disallow RIPv1, hence allowing remote querying of RIP routing state. See Quagga bug 261.
- unauthenticated route injection, where ripd will allow unauthenticated RIPv1 packets to update its routing state (provided RIPv1 is allowed by version control), even when RIPv2 authentication has been configured. See Quagga bug 262.
Bug 262 has fixes for both issues for both 0.99 and 0.98, along with comment.
( May 03 2006, 07:14:37 PM IST ) Permalink Comments [1]
