| Summary: | quagga new security issue CVE-2017-5495 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tarazed25 |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://lwn.net/Vulnerabilities/714262/ | ||
| Whiteboard: | has_procedure advisory MGA5-64-OK MGA5-32-OK | ||
| Source RPM: | quagga-0.99.22.4-4.3.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2017-02-12 16:38:05 CET
David Walser
2017-02-12 16:38:29 CET
Whiteboard:
(none) =>
has_procedure
Dave Hodgins
2017-02-13 21:20:00 CET
CC:
(none) =>
davidwhodgins x86_64 real hardware
Installed the updates and followed the indicated procedure.
# systemctl start zebra
# systemctl start bgpd.service
# systemctl start ospfd
# systemctl start ripd
# systemctl start isisd
# systemctl start ripngd
# watchquagga zebra bgpd ospfd ospf6d ripd isisd ripngd
2017/02/18 21:43:56 NONE: watchquagga 0.99.22.4 watching [zebra bgpd ospfd ospf6d ripd isisd ripngd], mode [monitor]
2017/02/18 21:43:56 NONE: bgpd state -> up : connect succeeded
2017/02/18 21:43:56 NONE: ospf6d state -> down : initial connection attempt failed
2017/02/18 21:43:56 NONE: ospfd state -> up : connect succeeded
2017/02/18 21:43:56 NONE: isisd state -> up : connect succeeded
2017/02/18 21:43:56 NONE: zebra state -> up : connect succeeded
2017/02/18 21:43:56 NONE: ripd state -> up : connect succeeded
2017/02/18 21:43:57 NONE: ripngd state -> up : connect succeeded
$ sudo systemctl start ospf6d
watchquagga output:
2017/02/18 21:45:17 NONE: ospf6d state -> up : connect succeeded
# netstat -tapnl | grep ':26'
tcp 0 0 0.0.0.0:2601 0.0.0.0:* LISTEN 28358/zebra
tcp 0 0 0.0.0.0:2602 0.0.0.0:* LISTEN 28552/ripd
tcp 0 0 0.0.0.0:2603 0.0.0.0:* LISTEN 28653/ripngd
tcp 0 0 0.0.0.0:2604 0.0.0.0:* LISTEN 28516/ospfd
tcp 0 0 0.0.0.0:2605 0.0.0.0:* LISTEN 28415/bgpd
tcp 0 0 0.0.0.0:2606 0.0.0.0:* LISTEN 29360/ospf6d
tcp 0 0 0.0.0.0:2608 0.0.0.0:* LISTEN 28597/isisd
tcp6 0 0 :::2601 :::* LISTEN 28358/zebra
tcp6 0 0 :::2602 :::* LISTEN 28552/ripd
tcp6 0 0 :::2603 :::* LISTEN 28653/ripngd
tcp6 0 0 :::2604 :::* LISTEN 28516/ospfd
tcp6 0 0 :::2605 :::* LISTEN 28415/bgpd
tcp6 0 0 :::2606 :::* LISTEN 29360/ospf6d
tcp6 0 0 :::2608 :::* LISTEN 28597/isisd
Used telnet to access some of the services via their TCP ports and logged in and looked at help and ran some safe commands. Passwords are set in the configuration files.
# telnet localhost 2601
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router> ?
echo Echo a message back to the vty
enable Turn on privileged mode command
exit Exit current mode and down to previous mode
etc.
And in a similar fashion for IPv6 services.
# telnet ::1 2604
Trying ::1...
Connected to ::1.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
ospfd> show ?
history Display the session command history
ip IP information
ipv6 IPv6 information
logging Show current logging configuration
memory Memory statistics
mpls-te MPLS-TE information
thread Thread information
version Displays zebra version
work-queues Work Queue information
ospfd> show ip ospf
OSPF Routing Process, Router ID: 192.168.122.1
Supports only single TOS (TOS0) routes
This implementation conforms to RFC2328
RFC1583Compatibility flag is disabled
OpaqueCapability flag is disabled
Initial SPF scheduling delay 200 millisec(s)
and more information than we need at this stage.....
# systemctl stop zebra.service
# systemctl start zebra.service
watchquagga output:
2017/02/18 22:06:47 NONE: isisd state -> down : read returned EOF
2017/02/18 22:06:47 NONE: ripngd state -> down : read returned EOF
2017/02/18 22:06:47 NONE: ospfd state -> down : read returned EOF
2017/02/18 22:06:47 NONE: ripd state -> down : read returned EOF
2017/02/18 22:06:47 NONE: ospf6d state -> down : read returned EOF
2017/02/18 22:06:47 NONE: bgpd state -> down : read returned EOF
2017/02/18 22:06:47 NONE: zebra state -> down : read returned EOF
2017/02/18 22:07:32 NONE: zebra state -> up : connect succeeded
Individual services need to be restarted as needed.
Back into the router:
Router> show ip mroute
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, A - Babel,
> - selected route, * - FIB route
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.1.0/24 is directly connected, enp3s0
C>* 192.168.122.0/24 is directly connected, virbr0
# telnet ::1 2606
.....................
ospf6d@plant#
It was possible to reach ::1 2603 ( == ripngd )
Restarted ripd and telnet to ::1 2602 worked.
This all looks good enough for an OK.CC:
(none) =>
tarazed25
Len Lawrence
2017-02-18 23:48:06 CET
Whiteboard:
has_procedure advisory =>
has_procedure advisory MGA5-64-OK
Len Lawrence
2017-03-02 19:39:29 CET
Keywords:
(none) =>
validated_update i586 on virtualbox Installed the quagga packages, edited the /etc/quagga conf files and checked that everything worked as before. Updated the packages and ran a battery of tests similar to those inthe 64bit test and saw the same kind of output. Services could be stopped and restarted cleanly. telnet logins worked on the ip ports and also the ipv6 ports. Tried out help and show commands. Used watchquagga to see services coming up and going down. netstat provided information on the TCP ports, showing assignments for individual services. With the 32-bit OK this can be validated. An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0071.html Status:
NEW =>
RESOLVED |