Candidate: CVE-2017-3224
PublicDate: 2018-07-24 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3224
 http://www.kb.cert.org/vuls/id/793496
Description:
 Open Shortest Path First (OSPF) protocol implementations may improperly
 determine Link State Advertisement (LSA) recency for LSAs with
 MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of
 the same LSA, recency is determined by first comparing sequence numbers,
 then checksums, and finally MaxAge. In a case where the sequence numbers
 are the same, the LSA with the larger checksum is considered more recent,
 and will not be flushed from the Link State Database (LSDB). Since the RFC
 does not explicitly state that the values of links carried by a LSA must be
 the same when prematurely aging a self-originating LSA with
 MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an
 attacker to craft a LSA with MaxSequenceNumber and invalid links that will
 result in a larger checksum and thus a 'newer' LSA that will not be flushed
 from the LSDB. Propagation of the crafted LSA can result in the erasure or
 alteration of the routing tables of routers within the routing domain,
 creating a denial of service condition or the re-routing of traffic on the
 network. CVE-2017-3224 has been reserved for Quagga and downstream
 implementations (SUSE, openSUSE, and Red Hat packages).
Ubuntu-Description:
Notes:
 mdeslaur> no upstream fix as of 2018-02-19
 mdeslaur> while upstream do not have a fix as of 2021-11-22, we can
 mdeslaur> possibly use the fix from frr
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871617
Priority: low
Discovered-by: Adi Sosnovich, Orna Grumberg, and Gabi Nakibly
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H [8.2 HIGH]

Patches_quagga:
 other: https://github.com/FRRouting/frr/commit/7791d3deab8f4bbee2ccdd98ea596617536bc681
upstream_quagga: needed
precise/esm_quagga: DNE
trusty_quagga: ignored (reached end-of-life)
trusty/esm_quagga: DNE (trusty was deferred [2018-02-19])
vivid/ubuntu-core_quagga: DNE
xenial_quagga: ignored (end of standard support, was deferred [2018-02-19])
esm-infra/xenial_quagga: needed
zesty_quagga: ignored (reached end-of-life)
artful_quagga: ignored (reached end-of-life)
bionic_quagga: needed
cosmic_quagga: ignored (reached end-of-life)
disco_quagga: ignored (reached end-of-life)
eoan_quagga: ignored (reached end-of-life)
focal_quagga: needed
groovy_quagga: ignored (reached end-of-life)
hirsute_quagga: ignored (reached end-of-life)
impish_quagga: needed
jammy_quagga: DNE
devel_quagga: DNE