Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : quagga vulnerabilities (USN-3471-1)
High Nessus Plugin ID 104323
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionAndreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.
Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to the telnet interface could possibly use this issue to cause Quagga to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-5495).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected quagga and / or quagga-bgpd packages.