Debian-LTS has issued an advisory today (October 18): http://lwn.net/Alerts/703856/ Upstream announced this issue today: https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html A commit to fix the issue is linked in the message above. Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => cjw, jani.valimaa, marja11, olavAssignee: bugsquad => pkg-bugs
Patched packages uploaded for Mageia 5 and Cauldron by Jani. Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=6512#c1 Advisory: ======================== Updated quagga packages fix security vulnerability: It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages (CVE-2016-1245). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1245 https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html https://www.debian.org/security/2016/dsa-3695 ======================== Updated packages in core/updates_testing: ======================== quagga-0.99.22.4-4.3.mga5 quagga-contrib-0.99.22.4-4.3.mga5 libquagga0-0.99.22.4-4.3.mga5 libquagga-devel-0.99.22.4-4.3.mga5 from quagga-0.99.22.4-4.3.mga5.src.rpm
Version: Cauldron => 5Assignee: pkg-bugs => qa-bugsWhiteboard: MGA5TOO => has_procedure
Running this on x86_64 hardware. Unlikely to find a way to test the vulnerability so this will be a functionality test only.
CC: (none) => tarazed25
Installed the updates and followed Dave and Claire's instructions. # systemctl start zebra.service # systemctl start babeld.service Failed to start babeld.service: Unit babeld.service failed to load: No such file or directory. # systemctl start bgpd # systemctl start ospfd # systemctl start ripngd # systemctl start ripd Start watchquagga in daemon mode to keep track of the various services. # watchquagga -d zebra bgpd ospfd ripngd ripd ospf6d # tail /var/log/syslog Oct 27 18:38:00 vega watchquagga[6820]: watchquagga 0.99.22.4 watching [zebra bgpd ospfd ripngd ripd ospf6d], mode [monitor] Oct 27 18:38:00 vega watchquagga[6820]: ripngd state -> up : connect succeeded Oct 27 18:38:00 vega watchquagga[6820]: zebra state -> up : connect succeeded Oct 27 18:38:00 vega watchquagga[6820]: ospfd state -> up : connect succeeded Oct 27 18:38:00 vega watchquagga[6820]: ripd state -> up : connect succeeded Oct 27 18:38:01 vega watchquagga[6820]: bgpd state -> up : connect succeeded Oct 27 18:38:01 vega watchquagga[6820]: ospf6d state -> down : initial connection attempt failed # systemctl start ospf6d.service # tail /var/log/syslog Oct 27 18:40:56 vega watchquagga[6820]: ospf6d state -> up : connect succeeded # netstat -tapnl|grep ':26' < expected output > # telnet localhost 2601 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Hello, this is Quagga (version 0.99.22.4). Copyright 1996-2005 Kunihiro Ishiguro, et al. User Access Verification Password: ..... Router> ? < displayed help /> Router> enable Password: Router# < played with a few commands. Note that the exit and quit commands close the telnet connection. In privileged mode this should revert to normal mode. Looks like a bug or an error in the documentation. /> # telnet localhost 2606 Trying 127.0.0.1... ................... Hello, this is Quagga (version 0.99.22.4). .................. Password: ospf6d@plant# quit Not at all clear how to use these commands properly. # telnet localhost ::1 2606 Usage: telnet [-8] [-E] [-K] [-L] [-G] [-S tos] [-X atype] [-a] [-c] [-d] [-e char] [-k realm] [-l user] [-f/-F] [-n tracefile] [-r] [-x] [host-name [port]] < That used to work, with the earlier version /> I shall continue probing this. Need to find out why telnet is not connecting to a specified service.
Trying individual ports in succession: $ telnet localhost 2602 .......... ripd> quit $ telnet localhost 2603 Trying 127.0.0.1... ............... ripngd> quit $ telnet localhost 2604 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Connection refused $ netstat -tapnl|grep ':26' (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 0.0.0.0:2601 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2602 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2603 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2605 0.0.0.0:* LISTEN - tcp6 0 0 :::2601 :::* LISTEN - tcp6 0 0 :::2602 :::* LISTEN - tcp6 0 0 :::2603 :::* LISTEN - tcp6 0 0 :::2605 :::* LISTEN - $ telnet localhost 2605 ........................ bgpd> quit The man pages for telnet do not say anything specific about ipv6 or tcp6 and nothing about the ::1 form used in previous tests.
Of course, the telnet sysntax was wrong - this succeeded in accessing the ipv6 ports: # telnet ::1 2602 Trying ::1... Connected to ::1. Escape character is '^]'. Hello, this is Quagga (version 0.99.22.4). Copyright 1996-2005 Kunihiro Ishiguro, et al. User Access Verification ...... ripd> show ip access-list % [RIP] Unknown command: show ip access-list ripd> enable ripd# show ip access-list RIP: ripd# show memory all System allocator statistics: Total heap allocated: 528 KiB Holding block headers: 0 bytes Used small blocks: 0 bytes Used ordinary blocks: 420 KiB Free small blocks: 32 bytes Free ordinary blocks: 108 KiB Ordinary blocks: 3 Small blocks: 1 Holding blocks: 0 (see system documentation for 'mallinfo' for meaning) ----------------------------- Temporary memory : 1 String vector : 4145 Vector : 2161 Vector index : 2161 Link List : 8 ....... ripd# exit Connection closed by foreign host. Logged in to zebra: # telnet localhost 2601 ...... Router> show ip mroute Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, A - Babel, > - selected route, * - FIB route C>* 127.0.0.0/8 is directly connected, lo C>* 192.168.1.0/24 is directly connected, enp3s0 C>* 192.168.122.0/24 is directly connected, virbr0 # netstat -tapnl | grep ':260' > quagga.netlog # cat quagga.netlog # cat quagga.netlog tcp 0 0 0.0.0.0:2601 0.0.0.0:* LISTEN 13529/zebra tcp 0 0 0.0.0.0:2602 0.0.0.0:* LISTEN 13595/ripd tcp 0 0 0.0.0.0:2603 0.0.0.0:* LISTEN 13594/ripngd tcp 0 0 0.0.0.0:2604 0.0.0.0:* LISTEN 13118/ospfd tcp 0 0 0.0.0.0:2605 0.0.0.0:* LISTEN 13622/bgpd tcp 0 0 127.0.0.1:2601 127.0.0.1:39520 TIME_WAIT - tcp6 0 0 :::2601 :::* LISTEN 13529/zebra tcp6 0 0 :::2602 :::* LISTEN 13595/ripd tcp6 0 0 :::2603 :::* LISTEN 13594/ripngd tcp6 0 0 :::2604 :::* LISTEN 13118/ospfd tcp6 0 0 :::2605 :::* LISTEN 13622/bgpd Stopped a couple of services and: # watchquagga -d zebra bgpd ospfd ripngd ripd ospf6d # tail /var/log/syslog Nov 2 18:47:36 vega watchquagga[20682]: watchquagga 0.99.22.4 watching [zebra bgpd ospfd ripngd ripd ospf6d], mode [monitor] Nov 2 18:47:36 vega watchquagga[20682]: bgpd state -> up : connect succeeded Nov 2 18:47:36 vega watchquagga[20682]: zebra state -> up : connect succeeded Nov 2 18:47:36 vega watchquagga[20682]: ospf6d state -> down : initial connection attempt failed Nov 2 18:47:36 vega watchquagga[20682]: ripngd state -> down : initial connection attempt failed Nov 2 18:47:37 vega watchquagga[20682]: ripd state -> up : connect succeeded Nov 2 18:47:37 vega watchquagga[20682]: ospfd state -> up : connect succeeded As far as I can tell this is all healthy. Giving it the OK.
Whiteboard: has_procedure => has_procedure MGA5-64-OK
Thanks yet again Len for non-trivial testing. Advisory uploaded.
CC: (none) => lewyssmithWhiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK advisory
i586 vbox tests coming up later.
i586 vbox Installed the latest packages from core updates and gave quagga a run. Started zebra and a couple of quagga services then watchquagga on the command line. The first problem was no syslog. There did not seem to be a syslog daemon but MCC -> system -> services showed that there was a service called rsyslog doing nothing. After starting that /var/log/syslog appeared. syslog reported that it could not make connections to the subsidiary services but zebra was OK. This is unexpected. Proceeding with the update to see if things improve. Ran the update and tried again. No improvement. Going to try this on the 32bit install of mga5 on a 64bit laptop.
Things did not improve but I noted in the service status reports references to missing conf files and checking back on Claire's procedure discovered that there is some preliminary configuration needed in /etc, something which had been done months ago on the updates testing machine but not in any other system. Had completely forgotten about that so shall restart the tests tomorrow. Sorry about that. I should have repeated the preconfiguration steps in my earlier report. (wilcal nods his head knowingly)
Right. Post-update tests now work as they should but there is a complication. There is a shell associated with quagga, which is new to me but may have been part of the package all along. It manifested itself on an attempt to access zebra via localhost. # telnet localhost 2601 Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. Vty password is not set. Connection closed by foreign host. I found some documentation here: https://openmaniak.com/quagga_tutorial.php#vtysh which is Debian oriented. There is a hint that vtysh can be enabled/disabled but somehow it has been enabled by default in our latest round. It can be used to issue general commands like those listed for the various quagga services; e.g. # vtysh -c "show ip route" Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, A - Babel, > - selected route, * - FIB route K>* 0.0.0.0/0 via 192.168.1.1, enp3s0 C>* 127.0.0.0/8 is directly connected, lo C>* 192.168.1.0/24 is directly connected, enp3s0 /etc/quagga contains vtysh.conf and a sample config. It is necessary to copy the sample into vtysh.conf and uncomment the two lines: !hostname quagga-router !username root nopassword # telnet localhost 2601 Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. Hello, this is Quagga (version 0.99.22.4). Copyright 1996-2005 Kunihiro Ishiguro, et al. User Access Verification Password: localhost> .... localhost> exit # telnet ::1 2606 Trying ::1... Connected to localhost (::1). ................. User Access Verification Password: ospf6d@plant# .... The password in these cases is the one set for the zebra service (aka quagga). The 32bit update is now ready for validation. The procedure documentation needs to be tidied up a bit. Shall work on that in the background.
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA5-64-OK advisory => has_procedure MGA5-64-OK advisory MGA5-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0374.html
Status: NEW => RESOLVEDResolution: (none) => FIXED