Security Update: Muli-Router Looking Glass (MRLG) version 5.5.0 released
I was contacted by Luca Bruno a couple of months ago regarding the fastping.c utility that has been included with MRLG for the past 14 years. It seems that fastping.c is vulnerable to a crafted attack that can cause remote memory overwrite/corruption. The fastping.c utility was only used by MRLG in the outside chance that the "router" in question was Zebra/Quagga. Based on Google results, this is a very minuscule minority of installations that utilize MRLG. I was OCONUS with limited connectivity when Luca contacted me, in addition to being up to my eyeballs dealing with a Southeast Asia network redesign. Last night, I had some downtime and was able to put together a (superior?) replacement for fastping.c that utilizes the existing ping utility on the MRLG host system while emulating the Cisco IOS ping facility. I have released MRLG 5.5.0 as of Sat Sep 27 03:16:28 UTC 2014. It is a (nearly) drop-in replacement for all previous versions of MRLG that addresses the issue that Luca Bruno and Mariano Graziano brought to light in CVE-2014-3931. See: http://www.s3.eurecom.fr/cve/CVE-2014-3931.txt The latest MRLG (5.5.0) is available at http://mrlg.op-sec.us/ I know that the details of this CVE was published at: http://mailman.nanog.org/pipermail/nanog/2014-July/068014.html and http://www.s3.eurecom.fr/lg/defcon_looking-glass.pdf http://vrt-blog.snort.org/2014/09/looking-glasses-with-bacon.html http://tools.cisco.com/security/center/viewAlert.x?alertId=35693 https://www.defcon.org/images/defcon-22/dc-22-presentations/Bruno-Graziano/D... https://www.usenix.org/system/files/conference/woot14/woot14-bruno.pdf There are likely many other locations at which CVE-2014-3931 is detailed. I ask that the NANOG community make it known - via whatever channels - that this vulnerability has been addressed and mitigated and that you please point folks to http://mrlg.op-sec.us/ for the latest code. Many thanks! -- John Fraizer ΥΣΜΧ
participants (1)
-
John Fraizer