Security Update: Muli-Router Looking Glass (MRLG) version 5.5.0 released

John Fraizer john at op-sec.us
Sun Sep 28 03:06:57 UTC 2014


I was contacted by Luca Bruno a couple of months ago regarding the
fastping.c utility that has been included with MRLG for the past 14 years.
It seems that fastping.c is vulnerable to a crafted attack that can cause
remote memory overwrite/corruption.

The fastping.c utility was only used by MRLG in the outside chance that the
"router" in question was Zebra/Quagga.  Based on Google results, this is a
very minuscule minority of installations that utilize MRLG.

I was OCONUS with limited connectivity when Luca contacted me, in addition
to being up to my eyeballs dealing with a Southeast Asia network redesign.

Last night, I had some downtime and was able to put together a (superior?)
replacement for fastping.c that utilizes the existing ping utility on the
MRLG host system while emulating the Cisco IOS ping facility.

I have released MRLG 5.5.0 as of Sat Sep 27 03:16:28 UTC 2014.  It is a
(nearly) drop-in replacement for all previous versions of MRLG that
addresses the issue that Luca Bruno and Mariano Graziano brought to light
in CVE-2014-3931. See: http://www.s3.eurecom.fr/cve/CVE-2014-3931.txt

The latest MRLG (5.5.0) is available at http://mrlg.op-sec.us/

I know that the details of this CVE was published at:
http://mailman.nanog.org/pipermail/nanog/2014-July/068014.html and
http://www.s3.eurecom.fr/lg/defcon_looking-glass.pdf
http://vrt-blog.snort.org/2014/09/looking-glasses-with-bacon.html
http://tools.cisco.com/security/center/viewAlert.x?alertId=35693
https://www.defcon.org/images/defcon-22/dc-22-presentations/Bruno-Graziano/DEFCON-22-Luca-Bruno-Mariano-Graziano-looking-glass-Updated.pdf
https://www.usenix.org/system/files/conference/woot14/woot14-bruno.pdf

There are likely many other locations at which CVE-2014-3931 is detailed.

I ask that the NANOG community make it known - via whatever channels - that
this vulnerability has been addressed and mitigated and that you please
point folks to http://mrlg.op-sec.us/ for the latest code.

Many thanks!

--
John Fraizer
ΥΣΜΧ



More information about the NANOG mailing list