Fedora has issued an advisory on June 8: http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082500.html Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron. Advisory: ======================== Updated quagga package fixes security vulnerability: The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message (CVE-2012-1820). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1820 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082500.html ======================== Updated packages in core/updates_testing: ======================== quagga-0.99.18-1.3.mga1 quagga-contrib-0.99.18-1.3.mga1 libquagga0-0.99.18-1.3.mga1 libquagga-devel-0.99.18-1.3.mga1 quagga-0.99.20.1-3.1.mga2 quagga-contrib-0.99.20.1-3.1.mga2 libquagga0-0.99.20.1-3.1.mga2 libquagga-devel-0.99.20.1-3.1.mga2 from SRPMS: quagga-0.99.18-1.3.mga1.src.rpm quagga-0.99.20.1-3.1.mga2.src.rpm
Whiteboard: (none) => MGA2TOO, MGA1TOO
Hardware: i586 => AllVersion: Cauldron => 2Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO
Testing x86_64 Mageia 2 using procedure from bug 5108 Renamed the samples confs in /etc/quagga/ to confs and added enable passwords where needed. zebra.conf needs 'password <password>' adding on a new line. Started the various services, except ospf6d, and last of all started watchquagga #tail /var/log/syslog shows watchquagga[16103]: watchquagga 0.99.20.1 watching [zebra bgpd ospfd ospf6d ripd ripngd], mode [monitor] watchquagga[16095]: Starting watchquagga: [ OK ] watchquagga[16103]: bgpd state -> up : connect succeeded watchquagga[16103]: ospf6d state -> up : connect succeeded watchquagga[16103]: ospfd state -> up : connect succeeded watchquagga[16103]: zebra state -> up : connect succeeded watchquagga[16103]: ripngd state -> up : connect succeeded watchquagga[16103]: ospf6d state -> down : initial connection attempt failed watchquagga[16103]: ripd state -> up : connect succeeded # netstat -tapnl|grep ':26' tcp 0 0 127.0.0.1:2601 0.0.0.0:* LISTEN 15918/zebra tcp 0 0 127.0.0.1:2602 0.0.0.0:* LISTEN 15824/ripd tcp 0 0 127.0.0.1:2604 0.0.0.0:* LISTEN 15758/ospfd tcp 0 0 127.0.0.1:2605 0.0.0.0:* LISTEN 15637/bgpd tcp 0 0 0.0.0.0:2608 0.0.0.0:* LISTEN 15729/isisd tcp 0 0 127.0.0.1:2601 127.0.0.1:48656 TIME_WAIT - tcp 0 0 ::1:2603 :::* LISTEN 15845/ripngd tcp 0 0 ::1:2606 :::* LISTEN 16616/ospf6d Updated quagga and lib64quagga0 and stop/started the services and did the same testing. # telnet localhost 2601 Connected to each of the services, logged in and played with some commands found by typing '?' and 'list'. For the IPv6 services using eg.. # telnet ::1 2606 Testing complete x86_64 Mageia 2
Whiteboard: MGA1TOO => MGA1TOO, mga2-64-OK
ignore ospf6d down above, i hadn't started it when i pasted. started it and stop/started watchquagga afterwards to confirm it was found.
Testing x86_64 Mageia 1
Testing complete x86_64 Mageia 1
Whiteboard: MGA1TOO, mga2-64-OK => MGA1TOO, mga2-64-OK, mga1-64-OK
Testing complete i586 Mageia 1
Whiteboard: MGA1TOO, mga2-64-OK, mga1-64-OK => MGA1TOO, mga2-64-OK, mga1-64-OK mga1-32-OK
Testing on i586 Mageia 2.
CC: (none) => remi
I followed the procedure described by Claire in comment 1. All services start properly and can be reached via telnet, restricted access using a password is working too. I could not check CVE-2012-1820. Testing complete on i586 Mageia 2. Validating update. Advisory and SRPMs: See comment 0. Could a sysadmin push the update from core/updates_testing to core/updates? Thanks in advance.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO, mga2-64-OK, mga1-64-OK mga1-32-OK => MGA1TOO, mga2-64-OK, mga1-64-OK, mga1-32-OK, mga2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0133
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
Testing on x86_64. Had tested it before on another bug. Started a few services. $ sudo watchquagga -d zebra bgpd ospfd ospf6d ripd $ tail -40 /var/log/syslog ................... May 5 10:01:09 vega watchquagga[11287]: watchquagga 0.99.22.4 watching [zebra bgpd ospfd ospf6d ripd], mode [monitor] May 5 10:01:09 vega watchquagga[11287]: ospf6d state -> up : connect succeeded May 5 10:01:09 vega watchquagga[11287]: ripd state -> up : connect succeeded May 5 10:01:09 vega watchquagga[11287]: ospfd state -> up : connect succeeded May 5 10:01:09 vega watchquagga[11287]: zebra state -> up : connect succeeded May 5 10:01:10 vega watchquagga[11287]: bgpd state -> up : connect succeeded Stopped ospf6d and checked syslog. May 5 10:02:45 vega watchquagga[11287]: ospf6d state -> down : read returned EOF $ systemctl status ospf6d â ospf6d.service - OSPF routing daemon for IPv6 Loaded: loaded (/usr/lib/systemd/system/ospf6d.service; enabled) Active: inactive (dead) since Thu 2016-05-05 10:02:45 BST; 16min ago Docs: man:ospfd(8) man:zebra(8) Main PID: 10613 (code=exited, status=0/SUCCESS) $ sudo netstat -tapnl | grep ':260' > quagga.netlog $ cat quagga.netlog tcp 0 0 0.0.0.0:2601 0.0.0.0:* LISTEN 10556/zebra tcp 0 0 0.0.0.0:2602 0.0.0.0:* LISTEN 10590/ripd tcp 0 0 0.0.0.0:2603 0.0.0.0:* LISTEN 10636/ripngd tcp 0 0 0.0.0.0:2604 0.0.0.0:* LISTEN 10659/ospfd tcp 0 0 0.0.0.0:2605 0.0.0.0:* LISTEN 10682/bgpd tcp6 0 0 :::2601 :::* LISTEN 10556/zebra tcp6 0 0 :::2602 :::* LISTEN 10590/ripd tcp6 0 0 :::2603 :::* LISTEN 10636/ripngd tcp6 0 0 :::2604 :::* LISTEN 10659/ospfd tcp6 0 0 :::2605 :::* LISTEN 10682/bgpd [ Logged in to zebra $ telnet localhost 2601 Tried ? and list to show commands Router> show version Quagga 0.99.22.4 (Router). Copyright 1996-2005 Kunihiro Ishiguro, et al. Router> show history list show history show version Router> show ip mroute Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, A - Babel, > - selected route, * - FIB route C>* 127.0.0.0/8 is directly connected, lo C>* 192.168.1.0/24 is directly connected, enp3s0 Tried the ipv6 services: $ telnet ::1 2605 bgpd> who vty[13] connected from ::1. bgpd> exit $ telnet ::1 2604 ospfd> show ip ospf route ============ OSPF network routing table ============ N 192.168.1.0/24 [10] area: 0.0.0.0 directly attached to enp3s0 ospfd> exit Started ospf6d. $ tail -320 /var/log/syslog | grep ospf6 May 5 11:09:23 vega watchquagga[11287]: ospf6d state -> up : connect succeeded $ telnet localhost 2606 ospf6d@plant# show ip access-list OSPF6: Zebra IP access list access4 permit 127.0.0.1/32 ospf6d@plant# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 255.1.1.1 Running 00:18:38 Number of AS scoped LSAs is 0 Number of areas in this router is 1 Area 0.0.0.0 Number of Area scoped LSAs is 0 Interface attached to this area: fxp0 CGroup: /system.slice/ospf6d.service ââ5878 /usr/sbin/ospf6d -d This all looks fine.
CC: (none) => tarazed25
Darn it. Wrong bug again.