Security Update: Muli-Router Looking Glass (MRLG) version 5.5.0 released
john at op-sec.us
Sun Sep 28 03:06:57 UTC 2014
I was contacted by Luca Bruno a couple of months ago regarding the
fastping.c utility that has been included with MRLG for the past 14 years.
It seems that fastping.c is vulnerable to a crafted attack that can cause
remote memory overwrite/corruption.
The fastping.c utility was only used by MRLG in the outside chance that the
"router" in question was Zebra/Quagga. Based on Google results, this is a
very minuscule minority of installations that utilize MRLG.
I was OCONUS with limited connectivity when Luca contacted me, in addition
to being up to my eyeballs dealing with a Southeast Asia network redesign.
Last night, I had some downtime and was able to put together a (superior?)
replacement for fastping.c that utilizes the existing ping utility on the
MRLG host system while emulating the Cisco IOS ping facility.
I have released MRLG 5.5.0 as of Sat Sep 27 03:16:28 UTC 2014. It is a
(nearly) drop-in replacement for all previous versions of MRLG that
addresses the issue that Luca Bruno and Mariano Graziano brought to light
in CVE-2014-3931. See: http://www.s3.eurecom.fr/cve/CVE-2014-3931.txt
The latest MRLG (5.5.0) is available at http://mrlg.op-sec.us/
I know that the details of this CVE was published at:
There are likely many other locations at which CVE-2014-3931 is detailed.
I ask that the NANOG community make it known - via whatever channels - that
this vulnerability has been addressed and mitigated and that you please
point folks to http://mrlg.op-sec.us/ for the latest code.
More information about the NANOG