All the vulnerabilities related to quagga - quagga
var-201103-0200
Vulnerability from variot
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. Quagga is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference in the Border Gateway Protocol daemon (bgpd).
Gentoo Linux Security Advisory GLSA 201202-02
http://security.gentoo.org/
Severity: High
Title: Quagga: Multiple vulnerabilities
Date: February 21, 2012
Bugs: #334303, #359903, #384651
ID: 201202-02
Synopsis
Multiple vulnerabilities were found in Quagga, the worst of which leads to remote execution of arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1  net-misc/quagga  /  < 0.99.20  /  >= 0.99.20
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674
[ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675
[ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948
[ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949
[ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323
[ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324
[ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325
[ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326
[ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
===========================================================
Ubuntu Security Notice USN-1095-1 March 29, 2011
quagga vulnerabilities
CVE-2010-1674, CVE-2010-1675
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.8
Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.5
Ubuntu 9.10: quagga 0.99.13-1ubuntu0.2
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.2
Ubuntu 10.10: quagga 0.99.17-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Quagga incorrectly parsed certain malformed extended communities. A remote attacker could use this flaw to disrupt BGP sessions, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-1675)
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1258-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1258.html
Issue date: 2012-09-12
CVE Names: CVE-2010-1674 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250
=====================================================================
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- Description:
Quagga is a TCP/IP based routing software suite. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. A configured BGP peer could crash bgpd on a target system via a specially-crafted BGP message. (CVE-2010-1674)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249 and CVE-2012-0250.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
654603 - CVE-2010-1674 quagga: DoS (crash) by processing malformed extended community attribute in a route
738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet
802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/quagga-0.98.6-7.el5_8.1.src.rpm
i386: quagga-contrib-0.98.6-7.el5_8.1.i386.rpm quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm
x86_64: quagga-contrib-0.98.6-7.el5_8.1.x86_64.rpm quagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/quagga-0.98.6-7.el5_8.1.src.rpm
i386: quagga-0.98.6-7.el5_8.1.i386.rpm quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm quagga-devel-0.98.6-7.el5_8.1.i386.rpm
x86_64: quagga-0.98.6-7.el5_8.1.x86_64.rpm quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm quagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm quagga-devel-0.98.6-7.el5_8.1.i386.rpm quagga-devel-0.98.6-7.el5_8.1.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/quagga-0.98.6-7.el5_8.1.src.rpm
i386: quagga-0.98.6-7.el5_8.1.i386.rpm quagga-contrib-0.98.6-7.el5_8.1.i386.rpm quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm quagga-devel-0.98.6-7.el5_8.1.i386.rpm
ia64: quagga-0.98.6-7.el5_8.1.ia64.rpm quagga-contrib-0.98.6-7.el5_8.1.ia64.rpm quagga-debuginfo-0.98.6-7.el5_8.1.ia64.rpm quagga-devel-0.98.6-7.el5_8.1.ia64.rpm
ppc: quagga-0.98.6-7.el5_8.1.ppc.rpm quagga-contrib-0.98.6-7.el5_8.1.ppc.rpm quagga-debuginfo-0.98.6-7.el5_8.1.ppc.rpm quagga-debuginfo-0.98.6-7.el5_8.1.ppc64.rpm quagga-devel-0.98.6-7.el5_8.1.ppc.rpm quagga-devel-0.98.6-7.el5_8.1.ppc64.rpm
s390x: quagga-0.98.6-7.el5_8.1.s390x.rpm quagga-contrib-0.98.6-7.el5_8.1.s390x.rpm quagga-debuginfo-0.98.6-7.el5_8.1.s390.rpm quagga-debuginfo-0.98.6-7.el5_8.1.s390x.rpm quagga-devel-0.98.6-7.el5_8.1.s390.rpm quagga-devel-0.98.6-7.el5_8.1.s390x.rpm
x86_64: quagga-0.98.6-7.el5_8.1.x86_64.rpm quagga-contrib-0.98.6-7.el5_8.1.x86_64.rpm quagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm quagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm quagga-devel-0.98.6-7.el5_8.1.i386.rpm quagga-devel-0.98.6-7.el5_8.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2010-1674.html
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
The crafted attributes are not propagated by the Internet core, so only explicitly configured direct peers are able to exploit this vulnerability in typical configurations.
CVE-2010-1675 The BGP daemon resets BGP sessions when it encounters malformed AS_PATHLIMIT attributes, introducing a distributed BGP session reset vulnerability which disrupts packet forwarding. Such malformed attributes are propagated by the Internet core, and exploitation of this vulnerability is not restricted to directly configured BGP peers.
This security update removes AS_PATHLIMIT processing from the BGP implementation, preserving the configuration statements for backwards compatibility. (Standardization of this BGP extension was abandoned long ago.)
For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny5.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze2.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems will be fixed soon.
"cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-1674" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Debian", "sources": [ { "db": "BID", "id": "46942" }, { "db": "PACKETSTORM", "id": "99562" } ], "trust": 0.4 }, "cve": "CVE-2010-1674", 
"cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/severity#" }, "@id": "https://www.variotdbs.pl/ref/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2010-1674", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.8, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-1674", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201103-332", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001443" }, { "db": "CNNVD", "id": "CNNVD-201103-332" }, { "db": "NVD", "id": "CVE-2010-1674" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. 
Quagga is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference in the Border Gateway Protocol daemon (bgpd). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201202-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Quagga: Multiple vulnerabilities\n Date: February 21, 2012\n Bugs: #334303, #359903, #384651\n ID: 201202-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Quagga, the worst of which\nleading to remote execution of arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 0.99.20 \u003e= 0.99.20\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Quagga. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.99.20 \"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1674\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674\n[ 2 ] CVE-2010-1675\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675\n[ 3 ] CVE-2010-2948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948\n[ 4 ] CVE-2010-2949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949\n[ 5 ] CVE-2011-3323\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323\n[ 6 ] CVE-2011-3324\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324\n[ 7 ] CVE-2011-3325\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325\n[ 8 ] CVE-2011-3326\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326\n[ 9 ] CVE-2011-3327\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201202-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
===========================================================\nUbuntu Security Notice USN-1095-1 March 29, 2011\nquagga vulnerabilities\nCVE-2010-1674, CVE-2010-1675\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.10\nUbuntu 10.04 LTS\nUbuntu 10.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n quagga 0.99.2-1ubuntu3.8\n\nUbuntu 8.04 LTS:\n quagga 0.99.9-2ubuntu1.5\n\nUbuntu 9.10:\n quagga 0.99.13-1ubuntu0.2\n\nUbuntu 10.04 LTS:\n quagga 0.99.15-1ubuntu0.2\n\nUbuntu 10.10:\n quagga 0.99.17-1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nDetails follow:\n\nIt was discovered that Quagga incorrectly parsed certain malformed extended\ncommunities. A remote attacker could use this flaw to\ndisrupt BGP sessions, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS,\n9.10, 10.04 LTS and 10.10. 
(CVE-2010-1675)\n\n\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: quagga security update\nAdvisory ID: RHSA-2012:1258-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-1258.html\nIssue date: 2012-09-12\nCVE Names: CVE-2010-1674 CVE-2011-3323 CVE-2011-3324 \n CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 \n CVE-2012-0249 CVE-2012-0250 \n=====================================================================\n\n1. Summary:\n\nUpdated quagga packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. Description:\n\nQuagga is a TCP/IP based routing software suite. The Quagga\nospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)\nrouting protocol. \n\nA heap-based buffer overflow flaw was found in the way the bgpd daemon\nprocessed malformed Extended Communities path attributes. An attacker could\nsend a specially-crafted BGP message, causing bgpd on a target system to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning bgpd. The UPDATE message would have to arrive from an explicitly\nconfigured BGP peer, but could have originated elsewhere in the BGP\nnetwork. A configured\nBGP peer could crash bgpd on a target system via a specially-crafted BGP\nmessage. 
(CVE-2010-1674)\n\nA stack-based buffer overflow flaw was found in the way the ospf6d daemon\nprocessed malformed Link State Update packets. An OSPF router could use\nthis flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)\n\nA flaw was found in the way the ospf6d daemon processed malformed link\nstate advertisements. An OSPF neighbor could use this flaw to crash\nospf6d on a target system. (CVE-2011-3324)\n\nA flaw was found in the way the ospfd daemon processed malformed Hello\npackets. An OSPF neighbor could use this flaw to crash ospfd on a\ntarget system. (CVE-2011-3325)\n\nA flaw was found in the way the ospfd daemon processed malformed link state\nadvertisements. An OSPF router in the autonomous system could use this flaw\nto crash ospfd on a target system. (CVE-2011-3326)\n\nAn assertion failure was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncause ospfd on an adjacent router to abort. (CVE-2012-0249)\n\nA buffer overflow flaw was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncrash ospfd on an adjacent router. (CVE-2012-0250)\n\nRed Hat would like to thank CERT-FI for reporting CVE-2011-3327,\nCVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the\nCERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges\nRiku Hietam\u00e4ki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS\nproject as the original reporters of CVE-2011-3327, CVE-2011-3323,\nCVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges\nMartin Winter at OpenSourceRouting.org as the original reporter of\nCVE-2012-0249 and CVE-2012-0250. \n\nUsers of quagga should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the bgpd, ospfd, and ospf6d daemons will be restarted\nautomatically. \n\n4. 
Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n654603 - CVE-2010-1674 quagga: DoS (crash) by processing malformed extended community attribute in a route\n738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA\n738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers\n738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type\n738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type\n738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes\n802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet\n802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/quagga-0.98.6-7.el5_8.1.src.rpm\n\ni386:\nquagga-contrib-0.98.6-7.el5_8.1.i386.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm\n\nx86_64:\nquagga-contrib-0.98.6-7.el5_8.1.x86_64.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm\n\nRHEL Desktop Workstation (v. 
5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/quagga-0.98.6-7.el5_8.1.src.rpm\n\ni386:\nquagga-0.98.6-7.el5_8.1.i386.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm\nquagga-devel-0.98.6-7.el5_8.1.i386.rpm\n\nx86_64:\nquagga-0.98.6-7.el5_8.1.x86_64.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm\nquagga-devel-0.98.6-7.el5_8.1.i386.rpm\nquagga-devel-0.98.6-7.el5_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/quagga-0.98.6-7.el5_8.1.src.rpm\n\ni386:\nquagga-0.98.6-7.el5_8.1.i386.rpm\nquagga-contrib-0.98.6-7.el5_8.1.i386.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm\nquagga-devel-0.98.6-7.el5_8.1.i386.rpm\n\nia64:\nquagga-0.98.6-7.el5_8.1.ia64.rpm\nquagga-contrib-0.98.6-7.el5_8.1.ia64.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.ia64.rpm\nquagga-devel-0.98.6-7.el5_8.1.ia64.rpm\n\nppc:\nquagga-0.98.6-7.el5_8.1.ppc.rpm\nquagga-contrib-0.98.6-7.el5_8.1.ppc.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.ppc.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.ppc64.rpm\nquagga-devel-0.98.6-7.el5_8.1.ppc.rpm\nquagga-devel-0.98.6-7.el5_8.1.ppc64.rpm\n\ns390x:\nquagga-0.98.6-7.el5_8.1.s390x.rpm\nquagga-contrib-0.98.6-7.el5_8.1.s390x.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.s390.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.s390x.rpm\nquagga-devel-0.98.6-7.el5_8.1.s390.rpm\nquagga-devel-0.98.6-7.el5_8.1.s390x.rpm\n\nx86_64:\nquagga-0.98.6-7.el5_8.1.x86_64.rpm\nquagga-contrib-0.98.6-7.el5_8.1.x86_64.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.i386.rpm\nquagga-debuginfo-0.98.6-7.el5_8.1.x86_64.rpm\nquagga-devel-0.98.6-7.el5_8.1.i386.rpm\nquagga-devel-0.98.6-7.el5_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. 
References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-1674.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQUOwgXlSAg2UNWIIRAnpmAKCmR0UYneuYqhGXzZc7Wol864tlKACeIGwA\nEBCd27eTiT5JPHMgOGBqNSI=\n=Q9Tw\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\tThe crafted attributes are not propagated by the Internet\n\tcore, so only explicitly configured direct peers are able\n\tto exploit this vulnerability in typical configurations. \n\nCVE-2010-1675\n\tThe BGP daemon resets BGP sessions when it encounters\n\tmalformed AS_PATHLIMIT attributes, introducing a distributed\n\tBGP session reset vulnerability which disrupts packet\n\tforwarding. Such malformed attributes are propagated by the\n\tInternet core, and exploitation of this vulnerability is not\n\trestricted to directly configured BGP peers. \n\nThis security update removes AS_PATHLIMIT processing from the BGP\nimplementation, preserving the configuration statements for backwards\ncompatibility. 
(Standardization of this BGP extension was abandoned\nlong ago.)\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.99.10-1lenny5. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.99.17-2+squeeze2. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems will be fixed soon. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2010-1674" }, { "db": "JVNDB", "id": "JVNDB-2011-001443" }, { "db": "BID", "id": "46942" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "PACKETSTORM", "id": "99562" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-1674", "trust": 3.2 }, { "db": "BID", "id": "46942", "trust": 2.7 }, { "db": "VUPEN", "id": "ADV-2011-0711", "trust": 2.4 }, { "db": "SECUNIA", "id": "43770", "trust": 2.4 }, { "db": "OSVDB", "id": "71259", "trust": 2.4 }, { "db": "SECUNIA", "id": "43499", "trust": 1.6 }, { "db": "XF", "id": "66211", "trust": 1.4 }, { "db": "SECUNIA", "id": "48106", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001443", "trust": 0.8 }, { "db": "DEBIAN", "id": "DSA-2197", "trust": 0.6 }, { "db": "NSFOCUS", "id": "16656", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201103-332", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "110033", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99844", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99955", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99562", "trust": 0.1 } ], 
"sources": [ { "db": "BID", "id": "46942" }, { "db": "JVNDB", "id": "JVNDB-2011-001443" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "PACKETSTORM", "id": "99562" }, { "db": "CNNVD", "id": "CNNVD-201103-332" }, { "db": "NVD", "id": "CVE-2010-1674" } ] }, "id": "VAR-201103-0200", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-29T18:59:49.964000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Index of /releases/quagga", "trust": 0.8, "url": "http://download.savannah.gnu.org/releases/quagga/" }, { "title": "RHSA-2011:0406", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0406.html" }, { "title": "Multiple Denial of Service vulnerabilities in Quagga", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001443" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001443" }, { "db": "NVD", "id": "CVE-2010-1674" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/43770" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/46942" }, { "trust": 2.4, "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654603" }, { "trust": 1.6, "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "trust": 1.6, "url": "http://www.osvdb.org/71259" }, { "trust": 1.6, "url": "http://www.debian.org/security/2011/dsa-2197" }, { "trust": 1.6, "url": "http://secunia.com/advisories/43499" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/66211" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:058" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66211" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48106" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1674" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1674" }, { "trust": 0.8, "url": "http://osvdb.org/71259" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16656" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.13-1ubuntu0.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.15-1ubuntu0.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": 
"http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.17-1ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2.diff.gz" }, { "trust": 0.1, "url": 
"http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.8_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.5_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15.orig.tar.gz" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1674.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { "trust": 0.1, "url": 
"https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1675" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" } ], "sources": [ { "db": "BID", "id": "46942" }, { "db": "JVNDB", "id": "JVNDB-2011-001443" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "PACKETSTORM", "id": "99562" }, { "db": "CNNVD", "id": "CNNVD-201103-332" }, { "db": "NVD", "id": "CVE-2010-1674" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "46942" }, { "db": "JVNDB", "id": "JVNDB-2011-001443" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "PACKETSTORM", "id": "99562" }, { "db": "CNNVD", "id": "CNNVD-201103-332" }, { "db": "NVD", "id": "CVE-2010-1674" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-03-21T00:00:00", "db": "BID", "id": "46942" }, { "date": "2011-04-27T00:00:00", "db": "JVNDB", "id": 
"JVNDB-2011-001443" }, { "date": "2012-02-22T02:10:03", "db": "PACKETSTORM", "id": "110033" }, { "date": "2011-03-29T20:28:13", "db": "PACKETSTORM", "id": "99844" }, { "date": "2012-09-12T23:06:05", "db": "PACKETSTORM", "id": "116468" }, { "date": "2011-04-01T20:57:12", "db": "PACKETSTORM", "id": "99955" }, { "date": "2011-03-21T19:39:00", "db": "PACKETSTORM", "id": "99562" }, { "date": "2011-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201103-332" }, { "date": "2011-03-29T18:55:00", "db": "NVD", "id": "CVE-2010-1674" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-13T20:24:00", "db": "BID", "id": "46942" }, { "date": "2012-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001443" }, { "date": "2011-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201103-332" }, { "date": "2018-01-06T02:29:00", "db": "NVD", "id": "CVE-2010-1674" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "CNNVD", "id": "CNNVD-201103-332" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga of bgpd Service disruption in Null Pointer dereference and application crash vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001443" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201103-332" 
} ], "trust": 0.6 } }
var-200605-0496
Vulnerability from variot
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
This vulnerability information is a summary of multiple vulnerabilities released at the same time. Note that it includes vulnerability information beyond what the title covers.
Quagga and GNU Zebra are collections of daemons that support TCP/IP-based routing protocols. Among them are RIPd and bgpd, the daemons that handle the RIP and BGP protocols. Quagga and GNU Zebra have several security issues:
1) The RIPd daemon responds to RIPv1 requests even when it is configured for RIPv2 only, regardless of the presence or absence of authentication.
2) The RIPd daemon accepts RIPv1 packets without authentication even though RIPv2 authentication is enabled. (CVE-2006-2224) If exploited by a remote attacker, the RIP routing table may be improperly modified by means of RIPv1 RESPONSE packets.
3) The community_str2com() function in the bgpd daemon is flawed: executing the show ip bgp command from the Telnet management interface results in an infinite loop that consumes CPU resources. (CVE-2006-2276) If exploited by a local attacker, the target system can eventually become unserviceable.
Please refer to the "Overview" for the impact of this vulnerability.
Quagga is susceptible to remote information-disclosure and route-injection vulnerabilities. The application fails to properly ensure that required authentication and protocol configuration options are enforced. These issues allow remote attackers to gain access to potentially sensitive network-routing configuration information and to inject arbitrary routes into the RIP routing table. This may aid malicious users in further attacks against targeted networks. Quagga versions 0.98.5 and 0.99.3 are vulnerable to these issues; other versions may also be affected.
Debian Security Advisory DSA 1059-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 19th, 2006 http://www.debian.org/security/faq
Package : quagga
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2223 CVE-2006-2224 CVE-2006-2276
BugTraq ID : 17808
Debian Bugs : 365940 366980
Konstantin Gavrilenko discovered several vulnerabilities in quagga, the BGP/OSPF/RIP routing daemon.
CVE-2006-2276
Fredrik Widell discovered that local users can cause a denial
of service via a certain sh ip bgp command entered in the telnet
interface.
The old stable distribution (woody) does not contain quagga packages.
For the stable distribution (sarge) these problems have been fixed in version 0.98.3-7.2.
For the unstable distribution (sid) these problems have been fixed in version 0.99.4-1.
We recommend that you upgrade your quagga package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
Gentoo Linux Security Advisory GLSA 200605-15
http://security.gentoo.org/
Severity: Normal
Title: Quagga Routing Suite: Multiple vulnerabilities
Date: May 21, 2006
Bugs: #132353
ID: 200605-15
Synopsis
Quagga's RIP daemon allows the injection of routes and the disclosure of routing information. The BGP daemon is vulnerable to a Denial of Service.
Background
The Quagga Routing Suite implements three major routing protocols: RIP (v1/v2/v3), OSPF (v2/v3) and BGP4.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 0.98.6-r1 >= 0.98.6-r1
Description
Konstantin V. Gavrilenko discovered two flaws in the Routing Information Protocol (RIP) daemon that allow the processing of RIP v1 packets (carrying no authentication) even when the daemon is configured to use MD5 authentication or, in another case, even if RIP v1 is completely disabled.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r1"
References
[ 1 ] CVE-2006-2223 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2223
[ 2 ] CVE-2006-2224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2224
[ 3 ] CVE-2006-2276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2276
[ 4 ] Official release information http://www.quagga.net/news2.php?y=2006&m=5&d=8#id1147115280
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200605-15.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
(CVE-2006-2224) If exploited by a remote attacker, RIPv1 of RESPONSE By using packet RIP The routing table may be modified incorrectly. 3) bgpd Daemon community_str2com() There are deficiencies in the function, Telnet From the management interface show ip bgp If you execute the command, you will end up in an infinite loop CPU There is a problem that consumes resources. (CVE-2006-2276) If exploited by a local attacker, the target system can eventually become unserviceable.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Quagga is susceptible to remote information-disclosure and route-injection vulnerabilities. The application fails to properly ensure that required authentication and protocol configuration options are enforced. \nThese issues allow remote attackers to gain access to potentially sensitive network-routing configuration information and to inject arbitrary routes into the RIP routing table. This may aid malicious users in further attacks against targeted networks. \nQuagga versions 0.98.5 and 0.99.3 are vulnerable to these issues; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1059-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMay 19th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : quagga\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-2223 CVE-2006-2224 CVE-2006-2276\nBugTraq ID : 17808\nDebian Bugs : 365940 366980\n\nKonstantin Gavrilenko discovered several vulnerabilities in quagga,\nthe BGP/OSPF/RIP routing daemon. \n\nCVE-2006-2276\n\n Fredrik Widell discovered that local users are can cause a denial\n of service ia a certain sh ip bgp command entered in the telnet\n interface. 
\n\nThe old stable distribution (woody) does not contain quagga packages. \n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.98.3-7.2. \n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.99.4-1. \n\nWe recommend that you upgrade your quagga package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n These files will probably be moved into the stable distribution on\n its next update. 
\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.3 (GNU/Linux)\n\niD8DBQFEbehrW5ql+IAeqTIRAu1bAJ0YQwvwCvugopyXVBCit2SwrYl+SACdF09d\nELcxVZUFQP8s43SsJQ3mlqo=\n=Niwk\n-----END PGP SIGNATURE-----\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200605-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Quagga Routing Suite: Multiple vulnerabilities\n Date: May 21, 2006\n Bugs: #132353\n ID: 200605-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nQuagga\u0027s RIP daemon allows the injection of routes and the disclosure\nof routing information. The BGP daemon is vulnerable to a Denial of\nService. \n\nBackground\n==========\n\nThe Quagga Routing Suite implements three major routing protocols: RIP\n(v1/v2/v3), OSPF (v2/v3) and BGP4. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 0.98.6-r1 \u003e= 0.98.6-r1\n\nDescription\n===========\n\nKonstantin V. 
Gavrilenko discovered two flaws in the Routing\nInformation Protocol (RIP) daemon that allow the processing of RIP v1\npackets (carrying no authentication) even when the daemon is configured\nto use MD5 authentication or, in another case, even if RIP v1 is\ncompletely disabled. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.98.6-r1\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-2223\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2223\n [ 2 ] CVE-2006-2224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2224\n [ 3 ] CVE-2006-2276\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2276\n [ 4 ] Official release information\n http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=8#id1147115280\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200605-15.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2006-2223" }, { "db": "JVNDB", "id": "JVNDB-2006-000259" }, { "db": "BID", "id": "17808" }, { "db": "PACKETSTORM", "id": "46498" }, { "db": "PACKETSTORM", "id": "46526" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2006-2223", "trust": 2.9 }, { "db": "BID", "id": "17808", "trust": 2.7 }, { "db": "SECUNIA", "id": "19910", "trust": 2.4 }, { "db": "SECTRACK", "id": "1016204", "trust": 1.6 }, { "db": "SECUNIA", "id": "20221", "trust": 1.6 }, { "db": "SECUNIA", "id": "20137", "trust": 1.6 }, { "db": "SECUNIA", "id": "21159", "trust": 1.6 }, { "db": "SECUNIA", "id": "20421", "trust": 1.6 }, { "db": "SECUNIA", "id": "20782", "trust": 1.6 }, { "db": "SECUNIA", "id": "20138", "trust": 1.6 }, { "db": "SECUNIA", "id": "20420", "trust": 1.6 }, { "db": "OSVDB", "id": "25224", "trust": 1.6 }, { "db": "BID", "id": "17979", "trust": 0.8 }, { "db": "SECUNIA", "id": "20116", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-000259", "trust": 0.8 }, { "db": "UBUNTU", "id": "USN-284-1", "trust": 0.6 }, { "db": "SUSE", "id": "SUSE-SR:2006:017", "trust": 0.6 }, { "db": "XF", "id": "1", "trust": 0.6 }, { "db": "XF", "id": "26243", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20060503 QUAGGA RIPD UNAUTHENTICATED ROUTE TABLE BROADCAST", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20060503 RE: QUAGGA RIPD UNAUTHENTICATED ROUTE INJECTION", "trust": 0.6 }, { "db": "GENTOO", "id": "GLSA-200605-15", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2006:0525", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2006:0533", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-1059", "trust": 0.6 }, { "db": "SGI", "id": "20060602-01-U", "trust": 0.6 }, { "db": "CNNVD", "id": 
"CNNVD-200605-100", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "46498", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "46526", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "17808" }, { "db": "JVNDB", "id": "JVNDB-2006-000259" }, { "db": "PACKETSTORM", "id": "46498" }, { "db": "PACKETSTORM", "id": "46526" }, { "db": "CNNVD", "id": "CNNVD-200605-100" }, { "db": "NVD", "id": "CVE-2006-2223" } ] }, "id": "VAR-200605-0496", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-29T19:28:37.789000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "quagga", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=396" }, { "title": "RHSA-2006:0533", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2006-0533.html" }, { "title": "RHSA-2006:0525", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2006-0525.html" }, { "title": "RHSA-2006:0533", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0533j.html" }, { "title": "RHSA-2006:0525", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0525j.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-000259" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-2223" } ] }, "references": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/17808" }, { "trust": 1.9, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261" }, { "trust": 1.6, "url": "http://secunia.com/advisories/19910" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2006-0533.html" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2006-0525.html" }, { "trust": 1.6, "url": "http://www.osvdb.org/25224" }, { "trust": 1.6, "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "trust": 1.6, "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "trust": 1.6, "url": "http://www.debian.org/security/2006/dsa-1059" }, { "trust": 1.6, "url": "http://securitytracker.com/id?1016204" }, { "trust": 1.6, "url": "http://secunia.com/advisories/21159" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20782" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20421" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20420" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20221" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20138" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20137" }, { "trust": 1.6, "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-u.asc" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9985" }, { "trust": 1.0, "url": "https://usn.ubuntu.com/284-1/" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded" }, { "trust": 0.9, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2223" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-2223" }, { "trust": 0.8, "url": "http://secunia.com/advisories/20116/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/19910/" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/17979" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/432823/100/0/threaded" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/432822/100/0/threaded" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/26243" }, { "trust": 0.6, "url": "http://www.ubuntulinux.org/support/documentation/usn/usn-284-1" }, { "trust": 0.3, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=262" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2006-0525.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2006-0533.html" }, { "trust": 0.3, "url": "/archive/1/432856" }, { "trust": 0.3, "url": "/archive/1/432822" }, { "trust": 0.3, "url": "/archive/1/432823" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2.dsc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2224" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.2_all.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_amd64.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2223" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_mipsel.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2276" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_alpha.deb" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_m68k.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_powerpc.deb" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-200605-15.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=8#id1147115280" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2276" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2224" } ], "sources": [ { "db": "BID", "id": "17808" }, { "db": "JVNDB", "id": "JVNDB-2006-000259" }, { "db": "PACKETSTORM", "id": "46498" }, { "db": "PACKETSTORM", "id": "46526" }, { "db": "CNNVD", "id": "CNNVD-200605-100" }, { "db": "NVD", "id": "CVE-2006-2223" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "17808" }, { "db": "JVNDB", "id": "JVNDB-2006-000259" }, { "db": "PACKETSTORM", "id": "46498" }, { "db": "PACKETSTORM", "id": "46526" }, { "db": "CNNVD", "id": "CNNVD-200605-100" }, { "db": "NVD", "id": "CVE-2006-2223" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-05-03T00:00:00", "db": "BID", "id": "17808" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-000259" }, { "date": "2006-05-22T06:20:21", "db": "PACKETSTORM", "id": "46498" }, { "date": "2006-05-22T07:26:25", "db": "PACKETSTORM", "id": "46526" }, { "date": "2006-05-05T00:00:00", "db": "CNNVD", "id": "CNNVD-200605-100" }, { "date": "2006-05-05T19:02:00", "db": "NVD", "id": "CVE-2006-2223" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-03-19T09:41:00", "db": "BID", "id": "17808" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-000259" }, { 
"date": "2006-05-08T00:00:00", "db": "CNNVD", "id": "CNNVD-200605-100" }, { "date": "2018-10-18T16:38:00", "db": "NVD", "id": "CVE-2006-2223" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200605-100" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga of RIPd Vulnerabilities in which routing information leaks", "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-000259" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200605-100" } ], "trust": 0.6 } }
var-201110-0443
Vulnerability from variot
The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability 2. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674
[ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675
[ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948
[ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949
[ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323
[ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324
[ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325
[ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326
[ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
==========================================================================
Ubuntu Security Notice USN-1261-1 November 14, 2011
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3327)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1
Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1
Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
TITLE: SUSE update for quagga
SECUNIA ADVISORY ID: SA46214
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46214
RELEASE DATE: 2011-09-29
DESCRIPTION: SUSE has issued an update for quagga.
ORIGINAL ADVISORY: SUSE-SU-2011:1075-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
openSUSE-SU-2011:1155-1: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement.
CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet.
CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga.
The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF.
For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
=====================================================================
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message
802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet
802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures
817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0443", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.15" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.11" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": 
"0.99.16" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.13" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.14" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.9" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.10" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.17" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.12" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.8" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", 
"scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.7" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "lte", "trust": 1.0, "vendor": "quagga", "version": "0.99.18" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.95" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.2" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "quagga", "scope": "lt", "trust": 0.8, "vendor": "quagga", "version": "0.99.19" }, { "model": "seil/b1", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 from 3.41" }, { "model": "seil/neu 2fe plus", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 from 2.13" }, { "model": "seil/turbo", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 from 2.13" }, { "model": "seil/x1", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", 
"version": "1.00 from 3.41" }, { "model": "seil/x2", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 from 3.41" }, { "model": "seil/x86", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.70 from 1.91" }, { "model": "quagga", "scope": "eq", "trust": 0.6, "vendor": "quagga", "version": "0.99.18" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, 
"vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.17" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.16" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.15" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.11" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.9" }, { "model": "routing software 
suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.8" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.7" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { 
"model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "routing software suite", "scope": "ne", "trust": 0.3, "vendor": "quagga", "version": "0.99.19" } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "db": "CNNVD", "id": "CNNVD-201109-586" }, { "db": "NVD", "id": "CVE-2011-3326" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.99.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3326" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Riku Hietam\u0026amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;auml;ki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project", "sources": [ { "db": "BID", "id": "49784" } ], "trust": 0.3 }, "cve": "CVE-2011-3326", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2011-3326", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-3326", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#668534", "trust": 0.8, "value": "15.69" }, { "author": "CNNVD", "id": "CNNVD-201109-586", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "db": "CNNVD", "id": "CNNVD-201109-586" }, { "db": "NVD", "id": "CVE-2011-3326" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability\n2. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.99.20 \"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1674\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674\n[ 2 ] CVE-2010-1675\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675\n[ 3 ] CVE-2010-2948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948\n[ 4 ] CVE-2010-2949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949\n[ 5 ] CVE-2011-3323\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323\n[ 6 ] CVE-2011-3324\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324\n[ 7 ] CVE-2011-3325\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325\n[ 8 ] CVE-2011-3326\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326\n[ 9 ] CVE-2011-3327\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201202-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. 
\n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-1261-1\nNovember 14, 2011\n\nquagga vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nQuagga could be made to crash or run programs if it received specially\ncrafted network traffic. (CVE-2011-3323)\n\nRiku Hietam\u00e4ki, Tuomo Untinen and Jukka Taimisto discovered that Quagga\nincorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324)\n\nRiku Hietam\u00e4ki, Tuomo Untinen and Jukka Taimisto discovered that Quagga\nincorrectly handled certain IPv4 packets. (CVE-2011-3327)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n quagga 0.99.18-2ubuntu0.1\n\nUbuntu 11.04:\n quagga 0.99.17-4ubuntu1.1\n\nUbuntu 10.10:\n quagga 0.99.17-1ubuntu0.2\n\nUbuntu 10.04 LTS:\n quagga 0.99.15-1ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. 
\n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nSUSE update for quagga\n\nSECUNIA ADVISORY ID:\nSA46214\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46214/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46214\n\nRELEASE DATE:\n2011-09-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46214/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46214/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46214\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSUSE has issued an update for quagga. 
\n\nORIGINAL ADVISORY:\nSUSE-SU-2011:1075-1:\nhttp://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html\n\nopenSUSE-SU-2011:1155-1:\nhttp://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nCVE-2011-3324\n\tThe ospf6d process can crash while processing a Database\n\tDescription packet with a crafted Link-State-Advertisement. \n\nCVE-2011-3325\n\tThe ospfd process can crash while processing a crafted Hello\n\tpacket. 
\n\nCVE-2011-3326\n\tThe ospfd process crashes while processing\n\tLink-State-Advertisements of a type not known to Quagga. \n\nThe OSPF-related vulnerabilities require that potential attackers send\npackets to a vulnerable Quagga router; the packets are not distributed\nover OSPF. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.99.10-1lenny6. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.99.17-2+squeeze3. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 0.99.19-1. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: quagga security update\nAdvisory ID: RHSA-2012:1259-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html\nIssue date: 2012-09-12\nCVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 \n CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 \n CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 \n=====================================================================\n\n1. Summary:\n\nUpdated quagga packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 
6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nQuagga is a TCP/IP based routing software suite. The Quagga bgpd daemon\nimplements the BGP (Border Gateway Protocol) routing protocol. The Quagga\nospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)\nrouting protocol. \n\nA heap-based buffer overflow flaw was found in the way the bgpd daemon\nprocessed malformed Extended Communities path attributes. An attacker could\nsend a specially-crafted BGP message, causing bgpd on a target system to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning bgpd. The UPDATE message would have to arrive from an explicitly\nconfigured BGP peer, but could have originated elsewhere in the BGP\nnetwork. (CVE-2011-3327)\n\nA stack-based buffer overflow flaw was found in the way the ospf6d daemon\nprocessed malformed Link State Update packets. An OSPF router could use\nthis flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)\n\nA flaw was found in the way the ospf6d daemon processed malformed link\nstate advertisements. An OSPF neighbor could use this flaw to crash\nospf6d on a target system. (CVE-2011-3324)\n\nA flaw was found in the way the ospfd daemon processed malformed Hello\npackets. An OSPF neighbor could use this flaw to crash ospfd on a\ntarget system. (CVE-2011-3325)\n\nA flaw was found in the way the ospfd daemon processed malformed link state\nadvertisements. An OSPF router in the autonomous system could use this flaw\nto crash ospfd on a target system. (CVE-2011-3326)\n\nAn assertion failure was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncause ospfd on an adjacent router to abort. (CVE-2012-0249)\n\nA buffer overflow flaw was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncrash ospfd on an adjacent router. 
(CVE-2012-0250)\n\nTwo flaws were found in the way the bgpd daemon processed certain BGP OPEN\nmessages. A configured BGP peer could cause bgpd on a target system to\nabort via a specially-crafted BGP OPEN message. (CVE-2012-0255,\nCVE-2012-1820)\n\nRed Hat would like to thank CERT-FI for reporting CVE-2011-3327,\nCVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the\nCERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and\nCVE-2012-1820. CERT-FI acknowledges Riku Hietam\u00e4ki, Tuomo Untinen and Jukka\nTaimisto of the Codenomicon CROSS project as the original reporters of\nCVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and\nCVE-2011-3326. The CERT/CC acknowledges Martin Winter at\nOpenSourceRouting.org as the original reporter of CVE-2012-0249,\nCVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original\nreporter of CVE-2012-1820. \n\nUsers of quagga should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the bgpd, ospfd, and ospf6d daemons will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. 
Bugs fixed (http://bugzilla.redhat.com/):\n\n738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA\n738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers\n738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type\n738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type\n738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes\n802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message\n802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet\n802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures\n817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)\n\n6. Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-contrib-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0255.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g\nP4VSjxs4xRnVCtT/IOkBkKQ=\n=VtuC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce", "sources": [ { "db": "NVD", "id": "CVE-2011-3326" }, { "db": "CERT/CC", "id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "db": "BID", "id": "49784" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#668534", "trust": 3.5 }, { 
"db": "NVD", "id": "CVE-2011-3326", "trust": 3.2 }, { "db": "SECUNIA", "id": "46139", "trust": 1.6 }, { "db": "SECUNIA", "id": "48106", "trust": 1.0 }, { "db": "SECUNIA", "id": "46274", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002372", "trust": 0.8 }, { "db": "SECUNIA", "id": "46214", "trust": 0.7 }, { "db": "SECUNIA", "id": "46244", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-2316", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201109-586", "trust": 0.6 }, { "db": "BID", "id": "49784", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "110033", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106488", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105571", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116469", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-586" }, { "db": "NVD", "id": "CVE-2011-3326" } ] }, "id": "VAR-201110-0443", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.25897437 }, "last_update_date": "2024-07-23T21:56:49.016000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.quagga.net" }, { "title": "ospfd: 
CVE-2011-3326", "trust": 0.8, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=6b161fc12a15aba8824c84d1eb38e529aaf70769" }, { "title": "quagga-0.99.19.changelog", "trust": 0.8, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "title": "RHSA-2012:1259", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "title": "Multiple Denial of Service vulnerabilities in Quagga", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities5" }, { "title": "\u507d\u88c5\u3055\u308c\u305fOSPF\uff08v2,v3\uff09\u30d1\u30b1\u30c3\u30c8\u306b\u5bfe\u3059\u308b\u53d7\u4fe1\u51e6\u7406\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01141.html" }, { "title": "quagga-0.99.19", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40714" }, { "title": "quagga-master-513254", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40715" }, { "title": "quagga.git-94431dbc753171b48b5c6806af97fd690813b00a", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40713" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "db": "CNNVD", "id": "CNNVD-201109-586" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "db": "NVD", "id": "CVE-2011-3326" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "trust": 2.7, "url": 
"http://www.kb.cert.org/vuls/id/668534" }, { "trust": 1.6, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "trust": 1.6, "url": "http://www.debian.org/security/2011/dsa-2316" }, { "trust": 1.6, "url": "http://secunia.com/advisories/46139" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "trust": 1.0, "url": "http://code.quagga.net/?p=quagga.git%3ba=commit%3bh=6b161fc12a15aba8824c84d1eb38e529aaf70769" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46274" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48106" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-3327" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3326" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu668534" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3326" }, { "trust": 0.6, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=6b161fc12a15aba8824c84d1eb38e529aaf70769" }, { "trust": 0.6, "url": "http://secunia.com/advisories/46214" }, { "trust": 0.6, "url": "http://secunia.com/advisories/46244" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.5, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.3, "url": "http://www.quagga.net/news2.php?y=2011\u0026m=9\u0026d=26#id1285509600" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { "trust": 0.2, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325" }, { "trust": 0.1, 
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-4ubuntu1.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.15-1ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.18-2ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-1ubuntu0.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1261-1" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46214/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46214" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": 
"http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46214/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1674.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0255.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0255" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1820.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1820" } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-586" }, { "db": "NVD", "id": "CVE-2011-3326" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-586" }, { "db": "NVD", "id": "CVE-2011-3326" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-26T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2011-09-26T00:00:00", "db": "BID", "id": "49784" }, { "date": "2011-10-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "date": "2012-02-22T02:10:03", "db": "PACKETSTORM", "id": "110033" }, { "date": "2011-11-15T15:35:22", "db": "PACKETSTORM", "id": "107001" }, { "date": "2011-11-01T04:06:08", "db": "PACKETSTORM", "id": "106488" }, { "date": "2011-10-05T23:00:08", "db": "PACKETSTORM", "id": "105571" }, { "date": "2012-09-12T23:06:05", "db": "PACKETSTORM", "id": "116468" }, { "date": "2012-09-12T23:06:22", "db": "PACKETSTORM", "id": "116469" }, { "date": "2011-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-586" }, { "date": "2011-10-10T10:55:06.613000", "db": "NVD", "id": "CVE-2011-3326" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-06T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2015-04-13T21:15:00", "db": "BID", "id": "49784" }, { "date": "2012-11-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002372" }, { "date": "2011-10-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-586" }, { "date": "2023-11-07T02:08:29.177000", "db": "NVD", "id": "CVE-2011-3326" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "CNNVD", "id": "CNNVD-201109-586" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple Quagga 
remote component vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#668534" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201109-586" } ], "trust": 0.6 } }
var-200704-0182
Vulnerability from variot
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. A third party may cause a denial of service (DoS) by sending a crafted UPDATE message. Quagga is prone to a remote denial-of-service vulnerability because it fails to handle a malformed multi-protocol message. A remote attacker can exploit this issue by submitting a maliciously crafted message to the application. Successful exploits will cause the Quagga 'bgpd' daemon to abort, denying further service to legitimate users. Quagga 0.99.6 and prior versions (0.99 branch) as well as 0.98.6 and prior versions (0.98 branch) are vulnerable.
===========================================================
Ubuntu Security Notice USN-461-1
May 17, 2007
quagga vulnerability
CVE-2007-1995
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.1
Ubuntu 6.10: quagga 0.99.4-4ubuntu1.1
Ubuntu 7.04: quagga 0.99.6-2ubuntu3.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.
Updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Gentoo Linux Security Advisory GLSA 200705-05
http://security.gentoo.org/
Severity: Normal
Title: Quagga: Denial of Service
Date: May 02, 2007
Bugs: #174206
ID: 200705-05
Synopsis
A vulnerability has been discovered in Quagga allowing for a Denial of Service.
Background
Quagga is a free routing daemon, supporting RIP, OSPF and BGP protocols.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 0.98.6-r2 >= 0.98.6-r2
Description
The Quagga development team reported a vulnerability in the BGP routing daemon when processing NLRI attributes inside UPDATE messages.
Impact
A malicious peer inside a BGP area could send a specially crafted packet to a Quagga instance, possibly resulting in a crash of the Quagga daemon.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r2"
References
[ 1 ] CVE-2007-1995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200705-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Debian Security Advisory DSA 1293-1
security@debian.org
http://www.debian.org/security/
Martin Schulze
May 17th, 2007
http://www.debian.org/security/faq

Package : quagga
Vulnerability : out of boundary read
Problem type : remote
Debian-specific: no
CVE ID : CVE-2007-1995
BugTraq ID : 23417
Debian Bug : 418323
Paul Jakma discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon.
For the old stable distribution (sarge) this problem has been fixed in version 0.98.3-7.4.
For the stable distribution (etch) this problem has been fixed in version 0.99.5-5etch2.
For the unstable distribution (sid) this problem has been fixed in version 0.99.6-5.
We recommend that you upgrade your quagga package.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Debian GNU/Linux 4.0 alias etch
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
References:
[0] http://www.quagga.net/
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995

Primary Package Name: quagga
Primary Package Home: http://openpkg.org/go/package/quagga

Corrected Distribution / Corrected Branch / Corrected Package
OpenPKG Enterprise / E1.0-SOLID / quagga-0.99.5-E1.0.1
OpenPKG Community / CURRENT / quagga-0.99.7-20070430
For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0182", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "lte", "trust": 1.8, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": 
"0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.95" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.2" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.0" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "lte", "trust": 0.8, "vendor": "quagga", "version": "0.99.6" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, 
{ "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86-64" }, { "model": "linux professional x86 64", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.2" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", 
"version": "0.98.3" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "suse linux open-xchange", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "4.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "unitedlinux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "linux amd64", "scope": "eq", "trust": 
0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1x86" }, { "model": "linux personal x86 64", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "office server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "e1.0-solid", "scope": null, "trust": 0.3, "vendor": "openpkg", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", 
"version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0x86" }, { "model": "linux professional x86 64", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0" }, { "model": "suse linux retail solution", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "8.0" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux database server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "suse linux standard server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "8.0" }, { "model": "linux openexchange server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux 
professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "10" }, { "model": "linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux office server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0x86-64" }, { "model": "propack sp6", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "3.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { 
"model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux personal x86 64", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10.2" }, { "model": "suse linux school server for i386", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "1.0" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "current", "scope": null, "trust": 0.3, "vendor": "openpkg", "version": null }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0.5" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux enterprise sdk", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server 9-sp3", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { 
"model": "suse linux openexchange server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "4.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux connectivity server", "scope": null, "trust": 0.3, "vendor": "s u s e", "version": null }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "3" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "suse core for", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9x86" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" } ], "sources": [ { "db": "BID", "id": "23417" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.98.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-1995" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Paul Jakma", "sources": [ { "db": "CNNVD", "id": "CNNVD-200704-215" } ], "trust": 0.6 }, "cve": "CVE-2007-1995", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/severity#" }, "@id": "https://www.variotdbs.pl/ref/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2007-1995", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.8, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-1995", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200704-215", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. 
(DoS) There is a vulnerability that becomes a condition.Crafted by a third party UPDATE Service disruption by sending a message (DoS) It may be in a state. Quagga is prone to a remote denial-of-service vulnerability because it fails to handle a malformed multi-protocol message. \nA remote attacker can exploit this issue by submitting a maliciously crafted message to the application. \nSuccessful exploits will cause the Quagga \u0027bgpd\u0027 daemon to abort, denying further service to legitimate users. \nQuagga 0.99.6 and prior versions (0.99 branch) as well as 0.98.6 and prior versions (0.98 branch) are vulnerable. =========================================================== \nUbuntu Security Notice USN-461-1 May 17, 2007\nquagga vulnerability\nCVE-2007-1995\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n quagga 0.99.2-1ubuntu3.1\n\nUbuntu 6.10:\n quagga 0.99.4-4ubuntu1.1\n\nUbuntu 7.04:\n quagga 0.99.6-2ubuntu3.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that Quagga did not correctly verify length \ninformation sent from configured peers. Remote malicious peers could \nsend a specially crafted UPDATE message which would cause bgpd to abort, \nleading to a denial of service. \n \n Updated packages have been patched to correct this issue. 
\n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995\n _______________________________________________________________________\n \n Updated Packages:\n \n Corporate 4.0:\n\n Corporate 4.0/X86_64:\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFGONI7mqjQ0CJFipgRAhmXAKCr1iOp0SaSv1WdD2EsWJjqR3ZF4ACfZ2FP\n56VBScMSKds3eiA29koFg5w=\n=IS+w\n-----END PGP SIGNATURE-----\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200705-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Quagga: Denial of Service\n Date: May 02, 2007\n Bugs: #174206\n ID: 200705-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been discovered in Quagga allowing for a Denial of\nService. \n\nBackground\n==========\n\nQuagga is a free routing daemon, supporting RIP, OSPF and BGP\nprotocols. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 0.98.6-r2 \u003e= 0.98.6-r2\n\nDescription\n===========\n\nThe Quagga development team reported a vulnerability in the BGP routing\ndeamon when processing NLRI attributes inside UPDATE messages. 
\n\nImpact\n======\n\nA malicious peer inside a BGP area could send a specially crafted\npacket to a Quagga instance, possibly resulting in a crash of the\nQuagga daemon. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.98.6-r2\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-1995\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200705-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1293-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMay 17th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : quagga\nVulnerability : out of boundary read\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2007-1995\nBugTraq ID : 23417\nDebian Bug : 418323\n\nPaul Jakma discovered that specially crafted UPDATE messages can\ntrigger an out of boundary read that can result in a system crash of\nquagga, the BGP/OSPF/RIP routing daemon. 
\n\nFor the old stable distribution (sarge) this problem has been fixed in\nversion 0.98.3-7.4. \n\nFor the stable distribution (etch) this problem has been fixed in\nversion 0.99.5-5etch2. \n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 0.99.6-5. \n\nWe recommend that you upgrade your quagga package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFGTA8+W5ql+IAeqTIRApJFAJ0Zzdee8GfPVGWPY4woGKs4K1av8ACdH6xD\nEQiEXt1eQaZqI//EEe6eEcI=\n=NJHp\n-----END PGP SIGNATURE-----\n\n. \n\nReferences:\n [0] http://www.quagga.net/\n [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995\n____________________________________________________________________________\n\nPrimary Package Name: quagga\nPrimary Package Home: http://openpkg.org/go/package/quagga\n\nCorrected Distribution: Corrected Branch: Corrected Package:\nOpenPKG Enterprise E1.0-SOLID quagga-0.99.5-E1.0.1\nOpenPKG Community CURRENT quagga-0.99.7-20070430\n____________________________________________________________________________\n\nFor security reasons, this document was digitally signed with the\nOpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)\nwhich you can download from http://openpkg.com/openpkg.com.pgp\nor retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. 
\nFollow the instructions at http://openpkg.com/security/signatures/\nfor more details on how to verify the integrity of this document", "sources": [ { "db": "NVD", "id": "CVE-2007-1995" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "BID", "id": "23417" }, { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "PACKETSTORM", "id": "56418" }, { "db": "PACKETSTORM", "id": "56818" }, { "db": "PACKETSTORM", "id": "56854" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-1995", "trust": 3.2 }, { "db": "BID", "id": "23417", "trust": 2.7 }, { "db": "SECUNIA", "id": "24808", "trust": 2.4 }, { "db": "SECUNIA", "id": "29743", "trust": 1.6 }, { "db": "SECUNIA", "id": "25084", "trust": 1.6 }, { "db": "SECUNIA", "id": "25428", "trust": 1.6 }, { "db": "SECUNIA", "id": "25255", "trust": 1.6 }, { "db": "SECUNIA", "id": "25312", "trust": 1.6 }, { "db": "SECUNIA", "id": "25119", "trust": 1.6 }, { "db": "SECUNIA", "id": "25293", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2008-1195", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2007-1336", "trust": 1.6 }, { "db": "SECTRACK", "id": "1018142", "trust": 1.6 }, { "db": "XF", "id": "33547", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2007-000419", "trust": 0.8 }, { "db": "DEBIAN", "id": "DSA-1293", "trust": 0.6 }, { "db": "TRUSTIX", "id": "2007-0017", "trust": 0.6 }, { "db": "UBUNTU", "id": "USN-461-1", "trust": 0.6 }, { "db": "SUSE", "id": "SUSE-SR:2007:009", "trust": 0.6 }, { "db": "GENTOO", "id": "GLSA-200705-05", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2007:0389", "trust": 0.6 }, { "db": "OPENPKG", "id": "OPENPKG-SA-2007.015", "trust": 0.6 }, { "db": "MANDRIVA", "id": "MDKSA-2007:096", "trust": 0.6 }, { "db": "SUNALERT", "id": "236141", "trust": 
0.6 }, { "db": "CNNVD", "id": "CNNVD-200704-215", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "56853", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56424", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56418", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56818", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56854", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "23417" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "PACKETSTORM", "id": "56418" }, { "db": "PACKETSTORM", "id": "56818" }, { "db": "PACKETSTORM", "id": "56854" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "id": "VAR-200704-0182", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-29T21:15:25.945000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "quagga-0.98.6-5.1AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=277" }, { "title": "1030", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1030" }, { "title": "2007-04-08", "trust": 0.8, "url": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740" }, { "title": "id354", "trust": 0.8, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" }, { "title": "id355", "trust": 0.8, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" }, { "title": "RHSA-2007:0389", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2007-0389.html" }, { "title": "236141", "trust": 
0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-236141-1" }, { "title": "RHSA-2007:0389", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2007-0389j.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000419" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/24808" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/23417" }, { "trust": 1.9, "url": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-200705-05.xml" }, { "trust": 1.6, "url": "http://www.ubuntu.com/usn/usn-461-1" }, { "trust": 1.6, "url": "http://www.trustix.org/errata/2007/0017/" }, { "trust": 1.6, "url": "http://www.novell.com/linux/security/advisories/2007_9_sr.html" }, { "trust": 1.6, "url": "http://www.debian.org/security/2007/dsa-1293" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25312" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25293" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25255" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25119" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25084" }, { "trust": 1.6, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" }, { "trust": 1.6, "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" }, { "trust": 1.6, "url": 
"http://www.securitytracker.com/id?1018142" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2007-0389.html" }, { "trust": 1.6, "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2007.015.html" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:096" }, { "trust": 1.6, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "trust": 1.6, "url": "http://secunia.com/advisories/29743" }, { "trust": 1.6, "url": "http://secunia.com/advisories/25428" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/1336" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/33547" }, { "trust": 1.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1995" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2007/1336" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33547" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11048" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1995" }, { "trust": 0.6, "url": "http://frontal2.mandriva.com/security/advisories?name=mdksa-2007:096" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/1195/references" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1995" }, { "trust": 0.4, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2007-0389.html" }, { "trust": 0.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-236141-1" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-176.htm" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_i386.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.4-4ubuntu1.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_sparc.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.6-2ubuntu3.1_all.deb" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mipsel.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.4_all.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_alpha.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_m68k.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_ia64.deb" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.diff.gz" }, { "trust": 0.1, 
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch2_all.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.diff.gz" }, { "trust": 0.1, "url": "http://openpkg.com/security/signatures/" }, { "trust": 0.1, "url": "http://openpkg.com/\u003e" }, { "trust": 0.1, "url": "http://openpkg.com/go/openpkg-sa-2007.015" }, { "trust": 0.1, "url": "http://openpkg.com/" }, { "trust": 0.1, "url": "http://openpkg.com/go/openpkg-sa" }, { "trust": 0.1, "url": "http://openpkg.org/go/package/quagga" }, { "trust": 0.1, "url": "http://openpkg.com/openpkg.com.pgp" } ], "sources": [ { "db": "BID", "id": "23417" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "PACKETSTORM", "id": "56418" }, { "db": "PACKETSTORM", "id": "56818" }, { "db": "PACKETSTORM", "id": "56854" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": "CVE-2007-1995" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "23417" }, { "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "PACKETSTORM", "id": "56418" }, { "db": "PACKETSTORM", "id": "56818" }, { "db": "PACKETSTORM", "id": "56854" }, { "db": "CNNVD", "id": "CNNVD-200704-215" }, { "db": "NVD", "id": 
"CVE-2007-1995" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-04-11T00:00:00", "db": "BID", "id": "23417" }, { "date": "2007-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "date": "2007-05-21T03:55:14", "db": "PACKETSTORM", "id": "56853" }, { "date": "2007-05-03T07:51:36", "db": "PACKETSTORM", "id": "56424" }, { "date": "2007-05-03T07:27:55", "db": "PACKETSTORM", "id": "56418" }, { "date": "2007-05-21T02:44:19", "db": "PACKETSTORM", "id": "56818" }, { "date": "2007-05-21T03:57:45", "db": "PACKETSTORM", "id": "56854" }, { "date": "2007-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200704-215" }, { "date": "2007-04-12T10:19:00", "db": "NVD", "id": "CVE-2007-1995" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-04-23T16:27:00", "db": "BID", "id": "23417" }, { "date": "2008-10-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000419" }, { "date": "2007-10-05T00:00:00", "db": "CNNVD", "id": "CNNVD-200704-215" }, { "date": "2017-10-11T01:32:00", "db": "NVD", "id": "CVE-2007-1995" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "56853" }, { "db": "PACKETSTORM", "id": "56424" }, { "db": "CNNVD", "id": "CNNVD-200704-215" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability", "sources": [ { "db": "BID", "id": "23417" }, { "db": "CNNVD", "id": "CNNVD-200704-215" } ], "trust": 0.9 }, 
"type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200704-215" } ], "trust": 0.6 } }
var-200905-0194
Vulnerability from variot
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. Quagga is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users. Quagga 0.99.11 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
-- Debian GNU/Linux 5.0 alias lenny --
-- Debian GNU/Linux unstable alias sid --
Fixed in version 0.99.11-2.
Updated packages are available that bring Quagga to version 0.99.12 which provides numerous bugfixes over the previous 0.99.9 version, and also corrects this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
Ubuntu Security Notice USN-775-1, May 12, 2009: quagga vulnerability (CVE-2009-1572)
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.5
Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.2
Ubuntu 8.10: quagga 0.99.9-6ubuntu0.1
Ubuntu 9.04: quagga 0.99.11-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs.
TITLE: SUSE Update for Multiple Packages
SECUNIA ADVISORY ID: SA35685
VERIFY ADVISORY: http://secunia.com/advisories/35685/
DESCRIPTION: SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
For more information: SA33338 SA33853 SA33884 SA34035 SA34481 SA34746 SA34797 SA35021 SA35128 SA35216 SA35296 SA35344 SA35422
1) A boundary error exists within the "pg_db_putline()" function in perl-DBD-Pg's dbdimp.c. This can be exploited to cause a heap-based buffer overflow if malicious rows are retrieved from the database using the "pg_getline()" or "getline()" function.
2) A memory leak exists within the function "dequote_bytea()" in perl-DBD-Pg's quote.c, which can be exploited to cause memory exhaustion.
3) Various integer overflow errors exist within the "pdftops" application. This can be exploited to e.g. cause a crash or potentially execute arbitrary code by printing a specially crafted PDF file.
4) A vulnerability is caused by an assertion error in bgpd when handling an AS path containing multiple 4-byte AS numbers, which can be exploited to crash the daemon by advertising specially crafted AS paths.
SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY: SUSE-SR:2009:012: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
OTHER REFERENCES: SA33338: http://secunia.com/advisories/33338/
SA33853: http://secunia.com/advisories/33853/
SA33884: http://secunia.com/advisories/33884/
SA34035: http://secunia.com/advisories/34035/
SA34481: http://secunia.com/advisories/34481/
SA34746: http://secunia.com/advisories/34746/
SA34797: http://secunia.com/advisories/34797/
SA35021: http://secunia.com/advisories/35021/
SA35128: http://secunia.com/advisories/35128/
SA35216: http://secunia.com/advisories/35216/
SA35296: http://secunia.com/advisories/35296/
SA35344: http://secunia.com/advisories/35344/
SA35422: http://secunia.com/advisories/35422/
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200905-0194", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "lte", "trust": 1.8, "vendor": "quagga", "version": "0.99.11" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.9" }, { "model": 
"quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.1" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.5" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.7" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.10" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.8" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, 
"vendor": "quagga", "version": "0.99.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.95" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.3" }, { "model": "quagga", "scope": "eq", "trust": 0.6, "vendor": "quagga", "version": "0.99.11" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts i386", "scope": "eq", 
"trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sp2 debuginfo", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sp1 debuginfo", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "suse linux enterprise server rt solution", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "100" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "opensuse", "scope": "eq", 
"trust": 0.3, "vendor": "s u s e", "version": "11.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.11" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.9" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.8" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.7" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": 
"0.96.2" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "34817" }, { "db": "JVNDB", "id": "JVNDB-2009-002713" }, { "db": "CNNVD", "id": "CNNVD-200905-076" }, { "db": "NVD", "id": "CVE-2009-1572" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { 
"CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.99.11", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1572" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Chris Caputo", "sources": [ { "db": "BID", "id": "34817" }, { "db": "CNNVD", "id": "CNNVD-200905-076" } ], "trust": 0.9 }, "cve": "CVE-2009-1572", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-1572", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1572", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200905-076", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002713" }, { "db": "CNNVD", "id": "CNNVD-200905-076" }, { "db": "NVD", "id": "CVE-2009-1572" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. Quagga is prone to a remote denial-of-service vulnerability. \nExploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users. \nQuagga 0.99.11 is vulnerable; other versions may also be affected. 
----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\n-- Debian GNU/Linux 5.0 alias lenny --\n\nSource archives:\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz\nSize/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz\nSize/MD5 checksum: 40070 b72e19ed913b32923cf4ef293c67f71c\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc\nSize/MD5 checksum: 1651 a8ef80d57fd5a5a5b08c7ccc70e6a179\n\nArchitecture independent packages:\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb\nSize/MD5 checksum: 661226 720947423143cb35eb5c26a0d420066b\n\nalpha architecture (DEC Alpha)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb\nSize/MD5 checksum: 1902736 570becd04ecb3dd8a0581010884928df\n\namd64 architecture (AMD x86_64 (AMD64))\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb\nSize/MD5 checksum: 1748838 f3fcd731d119c422463c36bb4f08be1a\n\narm architecture (ARM)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb\nSize/MD5 checksum: 1449222 6b654e2d4e1a4f00169309ebbbd3dbf9\n\nhppa architecture (HP PA RISC)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb\nSize/MD5 checksum: 1681872 8894106d57df0a3d92bb84f148150c2d\n\ni386 architecture (Intel ia32)\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb\nSize/MD5 checksum: 1606310 80046937a2da8a949a8167f753a583ce\n\nmipsel architecture (MIPS (Little Endian))\n\nhttp://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb\nSize/MD5 checksum: 
-- Debian GNU/Linux unstable alias sid --
Fixed in version 0.99.11-2.
Updated packages are available that bring Quagga to version 0.99.12 which provides numerous bugfixes over the previous 0.99.9 version, and also corrects this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Ubuntu Security Notice USN-775-1 May 12, 2009
quagga vulnerability
CVE-2009-1572
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.5
Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.2
Ubuntu 8.10: quagga 0.99.9-6ubuntu0.1
Ubuntu 9.04: quagga 0.99.11-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs.
TITLE: SUSE Update for Multiple Packages
SECUNIA ADVISORY ID: SA35685
VERIFY ADVISORY: http://secunia.com/advisories/35685/
DESCRIPTION: SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
For more information: SA33338 SA33853 SA33884 SA34035 SA34481 SA34746 SA34797 SA35021 SA35128 SA35216 SA35296 SA35344 SA35422
1) A boundary error exists within the "pg_db_putline()" function in perl-DBD-Pg's dbdimp.c. This can be exploited to cause a heap-based buffer overflow if malicious rows are retrieved from the database using the "pg_getline()" or "getline()" function.
2) A memory leak exists within the function "dequote_bytea()" in perl-DBD-Pg's quote.c, which can be exploited to cause a memory exhaustion.
3) Various integer overflow errors exist within the "pdftops" application. This can be exploited to e.g. cause a crash or potentially execute arbitrary code by printing a specially crafted PDF file.
4) A vulnerability is caused due to an assertion error in bgpd when handling an AS path containing multiple 4 byte AS numbers, which can be exploited to crash the daemon by advertising specially crafted AS paths.
SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY: SUSE-SR:2009:012: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
OTHER REFERENCES:
SA33338: http://secunia.com/advisories/33338/
SA33853: http://secunia.com/advisories/33853/
SA33884: http://secunia.com/advisories/33884/
SA34035: http://secunia.com/advisories/34035/
SA34481: http://secunia.com/advisories/34481/
SA34746: http://secunia.com/advisories/34746/
SA34797: http://secunia.com/advisories/34797/
SA35021: http://secunia.com/advisories/35021/
SA35128: http://secunia.com/advisories/35128/
SA35216: http://secunia.com/advisories/35216/
SA35296: http://secunia.com/advisories/35296/
SA35344: http://secunia.com/advisories/35344/
SA35422: http://secunia.com/advisories/35422/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
var-201110-0451
Vulnerability from variot
The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets.
1. A buffer overflow vulnerability
2. Multiple denial-of-service vulnerabilities
Exploiting these issues allows remote attackers to cause the daemon to crash (denying further service to legitimate users) or allows attackers to execute arbitrary code within the context of the affected application. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674
[ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675
[ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948
[ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949
[ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323
[ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324
[ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325
[ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326
[ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Ubuntu Security Notice USN-1261-1 November 14, 2011
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3325)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1
Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1
Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
TITLE: SUSE update for quagga
SECUNIA ADVISORY ID: SA46214
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46214
RELEASE DATE: 2011-09-29
DESCRIPTION: SUSE has issued an update for quagga.
ORIGINAL ADVISORY: SUSE-SU-2011:1075-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
openSUSE-SU-2011:1155-1: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement.
CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet.
CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga.
The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF.
For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1.
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-contrib-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0255.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g\nP4VSjxs4xRnVCtT/IOkBkKQ=\n=VtuC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce", "sources": [ { "db": "NVD", "id": "CVE-2011-3324" }, { "db": "CERT/CC", "id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002369" }, { "db": "BID", "id": "49784" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#668534", "trust": 3.5 }, { "db": "NVD", "id": "CVE-2011-3324", "trust": 3.2 }, { "db": "SECUNIA", "id": "46139", "trust": 1.6 }, { "db": "SECUNIA", "id": "48106", "trust": 1.0 }, { "db": "SECUNIA", "id": "46274", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002369", "trust": 0.8 }, { "db": "SECUNIA", "id": "46214", "trust": 0.7 }, { "db": "SECUNIA", "id": "46244", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-2316", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201109-584", "trust": 0.6 }, { "db": "BID", "id": "49784", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "110033", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106488", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105571", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116469", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": 
"JVNDB", "id": "JVNDB-2011-002369" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-584" }, { "db": "NVD", "id": "CVE-2011-3324" } ] }, "id": "VAR-201110-0451", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.25897437 }, "last_update_date": "2024-07-23T20:14:55.799000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.quagga.net" }, { "title": "ospf6d: CVE-2011-3324", "trust": 0.8, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=09395e2a0e93b2cf4258cb1de91887948796bb68" }, { "title": "quagga-0.99.19.changelog", "trust": 0.8, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "title": "RHSA-2012:1259", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "title": "Multiple Denial of Service vulnerabilities in Quagga", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities5" }, { "title": "\u507d\u88c5\u3055\u308c\u305fOSPF\uff08v2,v3\uff09\u30d1\u30b1\u30c3\u30c8\u306b\u5bfe\u3059\u308b\u53d7\u4fe1\u51e6\u7406\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01141.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002369" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002369" }, { "db": "NVD", "id": "CVE-2011-3324" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "trust": 2.7, "url": "http://www.kb.cert.org/vuls/id/668534" }, { "trust": 1.6, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "trust": 1.6, "url": "http://www.debian.org/security/2011/dsa-2316" }, { "trust": 1.6, "url": "http://secunia.com/advisories/46139" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "trust": 1.0, "url": "http://code.quagga.net/?p=quagga.git%3ba=commit%3bh=09395e2a0e93b2cf4258cb1de91887948796bb68" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46274" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48106" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-3327" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3324" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu668534" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3324" }, { "trust": 0.6, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=09395e2a0e93b2cf4258cb1de91887948796bb68" }, { "trust": 0.6, "url": "http://secunia.com/advisories/46214" }, { "trust": 0.6, "url": "http://secunia.com/advisories/46244" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.3, "url": "http://www.quagga.net/news2.php?y=2011\u0026m=9\u0026d=26#id1285509600" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { 
"trust": 0.2, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-4ubuntu1.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.15-1ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.18-2ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-1ubuntu0.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1261-1" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46214/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46214" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46214/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1674.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0255.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0255" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1820.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1820" } ], "sources": [ { "db": "CERT/CC", 
"id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002369" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-584" }, { "db": "NVD", "id": "CVE-2011-3324" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002369" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-584" }, { "db": "NVD", "id": "CVE-2011-3324" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-26T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2011-09-26T00:00:00", "db": "BID", "id": "49784" }, { "date": "2011-10-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002369" }, { "date": "2012-02-22T02:10:03", "db": "PACKETSTORM", "id": "110033" }, { "date": "2011-11-15T15:35:22", "db": "PACKETSTORM", "id": "107001" }, { "date": "2011-11-01T04:06:08", "db": "PACKETSTORM", "id": "106488" }, { "date": "2011-10-05T23:00:08", "db": "PACKETSTORM", "id": "105571" }, { "date": "2012-09-12T23:06:05", "db": "PACKETSTORM", "id": "116468" }, { "date": "2012-09-12T23:06:22", "db": "PACKETSTORM", "id": "116469" }, { "date": "2011-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-584" }, { "date": "2011-10-10T10:55:06.410000", "db": "NVD", "id": "CVE-2011-3324" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-06T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2015-04-13T21:15:00", "db": "BID", "id": "49784" }, { "date": "2012-11-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002369" }, { "date": "2011-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-584" }, { "date": "2023-11-07T02:08:29.020000", "db": "NVD", "id": "CVE-2011-3324" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "CNNVD", "id": "CNNVD-201109-584" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple Quagga remote component vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#668534" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201109-584" } ], "trust": 0.6 } }
var-201009-0229
Vulnerability from variot
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. Quagga is a routing software suite that implements multiple routing protocols on Unix platforms. Quagga's bgpd daemon has a stack overflow vulnerability when parsing Route-Refresh messages. Quagga is prone to a stack-based buffer-overflow vulnerability. Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Quagga 0.99.17 are vulnerable.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201202-02
http://security.gentoo.org/
Severity: High
Title: Quagga: Multiple vulnerabilities
Date: February 21, 2012
Bugs: #334303, #359903, #384651
ID: 201202-02
Synopsis
Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code.
Background
Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 0.99.20 >= 0.99.20
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674
[ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675
[ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948
[ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949
[ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323
[ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324
[ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325
[ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326
[ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Debian Security Advisory DSA-2104-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
September 06, 2010 http://www.debian.org/security/faq
Package : quagga
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-2948 CVE-2010-2949
Debian Bug : 594262
Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon.
The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2948 When processing a crafted Route Refresh message received from a configured, authenticated BGP neighbor, Quagga may crash, leading to a denial of service.
CVE-2010-2949 When processing certain crafted AS paths, Quagga would crash with a NULL pointer dereference, leading to a denial of service. In some configurations, such crafted AS paths could be relayed by intermediate BGP routers.
In addition, this update contains a reliability fix: Quagga will no longer advertise confederation-related AS paths to non-confederation peers, and reject unexpected confederation-related AS paths by resetting the session with the BGP peer which is advertising them. (Previously, such AS paths would trigger resets of unrelated BGP sessions.)
For the stable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny3.
For the unstable distribution (sid) and the testing distribution (squeeze), these problems have been fixed in version 0.99.17-1.
We recommend that you upgrade your quagga package.
Upgrade instructions
wget url will fetch the file for you
dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database
apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
Updated packages are available that bring Quagga to version 0.99.17 which provides numerous bugfixes over the previous 0.99.12 version, and also corrects these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2949
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
===========================================================
Ubuntu Security Notice USN-1027-1 December 07, 2010
quagga vulnerabilities
CVE-2010-2948, CVE-2010-2949
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.7
Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.4
Ubuntu 9.10: quagga 0.99.13-1ubuntu0.1
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Quagga incorrectly handled certain Outbound Route Filtering (ORF) records. The default compiler options for Ubuntu 8.04 LTS and later should reduce the vulnerability to a denial of service. (CVE-2010-2948)
It was discovered that Quagga incorrectly parsed certain AS paths
"db": "PACKETSTORM", "id": "93746" }, { "db": "PACKETSTORM", "id": "96482" }, { "db": "CNNVD", "id": "CNNVD-201009-093" }, { "db": "NVD", "id": "CVE-2010-2948" } ] }, "id": "VAR-201009-0229", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2010-1780" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1780" } ] }, "last_update_date": "2024-07-23T19:31:01.518000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "quagga-0.98.6-5.2.0.1.AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1286" }, { "title": "2145", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2145" }, { "title": "Index of /releases/quagga", "trust": 0.8, "url": "http://download.savannah.gnu.org/releases/quagga/" }, { "title": "RHSA-2010:0785", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0785.html" }, { "title": "RHSA-2010:0945", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0945.html" }, { "title": "Multiple Denial of Service vulnerabilities in Quagga", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities4" }, { "title": "Quagga bgpd Route-Refresh message remote stack overflow patch", "trust": 0.6, "url": 
"https://www.cnvd.org.cn/patchinfo/show/920" }, { "title": "quagga-0.99.17.tar", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=34542" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1780" }, { "db": "JVNDB", "id": "JVNDB-2010-002298" }, { "db": "CNNVD", "id": "CNNVD-201009-093" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002298" }, { "db": "NVD", "id": "CVE-2010-2948" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/41038" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/42635" }, { "trust": 1.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626783" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2010-0785.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/48106" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "trust": 1.6, "url": "http://secunia.com/advisories/42446" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "trust": 1.6, "url": "http://code.quagga.net/?p=quagga.git%3ba=commit%3bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3" }, { "trust": 1.6, "url": 
"http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:174" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "trust": 1.6, "url": "http://www.debian.org/security/2010/dsa-2104" }, { "trust": 1.6, "url": "http://secunia.com/advisories/42397" }, { "trust": 1.6, "url": "http://secunia.com/advisories/42498" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2010/3124" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2010-0945.html" }, { "trust": 1.6, "url": "http://www.ubuntu.com/usn/usn-1027-1" }, { "trust": 1.6, "url": "http://secunia.com/advisories/41238" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2948" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2948" }, { "trust": 0.6, "url": "http://secunia.com/advisories/41038/" }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2010:0945" }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2010:0785" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2010-2948" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949" }, { "trust": 0.3, "url": "http://permalink.gmane.org/gmane.comp.security.oss.general/3347" }, { "trust": 0.3, "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19#id1282241100" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "http://www.ruggedcom.com/pdfs/soft_history/rox_v1.15.0.pdf" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_s390.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_armel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny3_all.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mips.deb" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mipsel.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_i386.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_sparc.deb" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2949" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.13-1ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_amd64.deb" }, { "trust": 0.1, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.4_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.15-1ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.7_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_armel.deb" }, { 
"trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15.orig.tar.gz" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1780" }, { "db": "BID", "id": "42635" }, { "db": "JVNDB", "id": "JVNDB-2010-002298" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "93585" }, { "db": "PACKETSTORM", "id": "93746" }, { "db": "PACKETSTORM", "id": "96482" }, { "db": "CNNVD", "id": "CNNVD-201009-093" }, { "db": "NVD", "id": "CVE-2010-2948" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2010-1780" }, { "db": "BID", "id": "42635" }, { "db": "JVNDB", "id": "JVNDB-2010-002298" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "93585" }, { "db": "PACKETSTORM", "id": "93746" }, { "db": "PACKETSTORM", "id": "96482" }, { "db": "CNNVD", "id": "CNNVD-201009-093" }, { "db": "NVD", "id": "CVE-2010-2948" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-09-02T00:00:00", "db": "CNVD", "id": "CNVD-2010-1780" }, { "date": "2010-08-24T00:00:00", "db": "BID", "id": "42635" }, { "date": "2010-11-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002298" }, { "date": "2012-02-22T02:10:03", "db": "PACKETSTORM", "id": "110033" }, { "date": "2010-09-08T03:57:17", "db": "PACKETSTORM", "id": "93585" }, { "date": "2010-09-11T19:28:36", "db": "PACKETSTORM", "id": 
"93746" }, { "date": "2010-12-08T19:17:16", "db": "PACKETSTORM", "id": "96482" }, { "date": "2010-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201009-093" }, { "date": "2010-09-10T19:00:02.533000", "db": "NVD", "id": "CVE-2010-2948" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-09-02T00:00:00", "db": "CNVD", "id": "CNVD-2010-1780" }, { "date": "2015-05-07T17:02:00", "db": "BID", "id": "42635" }, { "date": "2012-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002298" }, { "date": "2023-04-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201009-093" }, { "date": "2023-02-13T04:21:23.587000", "db": "NVD", "id": "CVE-2010-2948" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "93585" }, { "db": "PACKETSTORM", "id": "93746" }, { "db": "PACKETSTORM", "id": "96482" }, { "db": "CNNVD", "id": "CNNVD-201009-093" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga of bgpd of bgp_route_refresh_receive Stack-based buffer overflow vulnerability in functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002298" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201009-093" } ], "trust": 0.6 } }
var-200605-0018
Vulnerability from variot
bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface.

This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it includes content about vulnerabilities other than the one named in the title.

Quagga and GNU Zebra are collections of daemons that support TCP/IP-based routing protocols. Among them, RIPd and bgpd are the daemons that handle the RIP and BGP protocols. Quagga and GNU Zebra have several security issues:

1) The RIPd daemon responds to RIPv1 requests even when it is configured to accept RIPv2 only, regardless of whether authentication is enabled. (CVE-2006-2223) If exploited by a remote attacker, routing information may be obtained illegally by using REQUEST packets such as SEND UPDATE.
2) The RIPd daemon accepts RIPv1 packets without authentication even though RIPv2 authentication is enabled. (CVE-2006-2224) If exploited by a remote attacker, the RIP routing table may be modified illegitimately by using RIPv1 RESPONSE packets.

(CVE-2006-2276) If exploited by a local attacker, the target system can eventually become unserviceable. Please refer to the “Overview” for the impact of this vulnerability.

Quagga is prone to a local denial-of-service vulnerability. An attacker can exploit this issue by using commands that cause the consumption of a large amount of CPU resources. An attacker may cause the application to crash, thus denying service to legitimate users. Version 0.98.3 is vulnerable; other versions may also be affected.
Debian Security Advisory DSA 1059-1
security@debian.org
http://www.debian.org/security/
Martin Schulze
May 19th, 2006
http://www.debian.org/security/faq

Package : quagga
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2223 CVE-2006-2224 CVE-2006-2276
BugTraq ID : 17808
Debian Bugs : 365940 366980
Konstantin Gavrilenko discovered several vulnerabilities in quagga, the BGP/OSPF/RIP routing daemon. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2006-2223
Remote attackers may obtain sensitive information via RIPv1
REQUEST packets even if the quagga has been configured to use MD5
authentication.
CVE-2006-2224
Remote attackers could inject arbitrary routes using the RIPv1
RESPONSE packet even if the quagga has been configured to use MD5
authentication.
The old stable distribution (woody) does not contain quagga packages.
For the stable distribution (sarge) these problems have been fixed in version 0.98.3-7.2.
For the unstable distribution (sid) these problems have been fixed in version 0.99.4-1.
We recommend that you upgrade your quagga package.
Upgrade Instructions
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
Gentoo Linux Security Advisory GLSA 200605-15
http://security.gentoo.org/
Severity: Normal
Title: Quagga Routing Suite: Multiple vulnerabilities
Date: May 21, 2006
Bugs: #132353
ID: 200605-15
Synopsis
Quagga's RIP daemon allows the injection of routes and the disclosure of routing information. The BGP daemon is vulnerable to a Denial of Service.
Background
The Quagga Routing Suite implements three major routing protocols: RIP (v1/v2/v3), OSPF (v2/v3) and BGP4. Gavrilenko discovered two flaws in the Routing Information Protocol (RIP) daemon that allow the processing of RIP v1 packets (carrying no authentication) even when the daemon is configured to use MD5 authentication or, in another case, even if RIP v1 is completely disabled.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r1"
References
[ 1 ] CVE-2006-2223 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2223
[ 2 ] CVE-2006-2224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2224
[ 3 ] CVE-2006-2276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2276
[ 4 ] Official release information http://www.quagga.net/news2.php?y=2006&m=5&d=8#id1147115280
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200605-15.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200605-0018", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.3" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust",
"version": "4.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "5.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "5.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "5.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "5.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "5.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "5.04" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0" }, { "model": "propack sp6", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "3.0" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, 
"vendor": "redhat", "version": "4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "enterprise linux as ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "advanced workstation for the itanium processor ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "advanced workstation for the itanium processor", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.3" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux ppc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, 
"vendor": "debian", "version": "3.1" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "3.1" }, { "model": "routing software suite", "scope": "ne", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" } ], "sources": [ { "db": "BID", "id": "17979" }, { "db": "JVNDB", "id": "JVNDB-2006-000261" }, { "db": "CNNVD", "id": "CNNVD-200605-151" }, { "db": "NVD", "id": "CVE-2006-2276" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2006-2276" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This issue was disclosed by Fredrik Widell.", "sources": [ { "db": "BID", "id": "17979" }, { "db": "CNNVD", "id": "CNNVD-200605-151" } ], "trust": 0.9 }, "cve": "CVE-2006-2276", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/severity#" }, "@id": "https://www.variotdbs.pl/ref/severity" }, "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2006-2276", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.8, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2006-2276", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200605-151", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-000261" }, { "db": "CNNVD", "id": "CNNVD-200605-151" }, { "db": "NVD", "id": "CVE-2006-2276" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ Quagga , GNU Zebra Is TCP/IP A collection of daemons that support base routing related protocols. Out of them RIP , BGP As a daemon that handles the protocol RIPd , bgpd Is included. Quagga , GNU Zebra Has several security issues: 1) RIPd The daemon RIPv2 Even if the setting is valid only, regardless of the presence or absence of authentication RIPv1 There is a problem that responds to the request. 
(CVE-2006-2223) If exploited by a remote attacker, SEND UPDATE Such as REQUEST Routing information may be obtained illegally by using packets. 2) RIPd The daemon RIPv2 Despite being enabled for authentication, RIPv1 There is a problem of accepting packets without authentication. (CVE-2006-2224) If exploited by a remote attacker, RIPv1 of RESPONSE By using packet RIP The routing table may be modified incorrectly. (CVE-2006-2276) If exploited by a local attacker, the target system can eventually become unserviceable.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. Quagga is prone to a local denial-of-service vulnerability. \nAn attacker can exploit this issue by using commands that cause the consumption of a large amount of CPU resources. \nAn attacker may cause the application to crash, thus denying service to legitimate users. \nVersion 0.98.3 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1059-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nMay 19th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : quagga\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2006-2223 CVE-2006-2224 CVE-2006-2276\nBugTraq ID : 17808\nDebian Bugs : 365940 366980\n\nKonstantin Gavrilenko discovered several vulnerabilities in quagga,\nthe BGP/OSPF/RIP routing daemon. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2006-2223\n\n Remote attackers may obtain sensitive information via RIPv1\n REQUEST packets even if the quagga has been configured to use MD5\n authentication. 
\n\nCVE-2006-2224\n\n Remote attackers could inject arbitrary routes using the RIPv1\n RESPONSE packet even if the quagga has been configured to use MD5\n authentication. \n\nThe old stable distribution (woody) does not contain quagga packages. \n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 0.98.3-7.2. \n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.99.4-1. \n\nWe recommend that you upgrade your quagga package. \n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2.dsc\n Size/MD5 checksum: 725 e985734e8ee31a87ff96f9c9b7291fa5\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2.diff.gz\n Size/MD5 checksum: 43801 fe5b28230c268fe7ab141453a82c473c\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz\n Size/MD5 checksum: 2118348 68be5e911e4d604c0f5959338263356e\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.2_all.deb\n Size/MD5 checksum: 488700 c79865480dfe140b106d39111b5379ba\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_alpha.deb\n Size/MD5 checksum: 1611704 c44bc78a27990ca9d77fe4529c04e42a\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_amd64.deb\n Size/MD5 checksum: 1412990 
7ab17ec568d3f0e2122677e81db5a2e2\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_arm.deb\n Size/MD5 checksum: 1290442 9a5d285ffe43d8b05c470147c48357d5\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_i386.deb\n Size/MD5 checksum: 1191426 a0438042e1935582b66a44f17e62b40b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_ia64.deb\n Size/MD5 checksum: 1829114 9e6e40afc51734c572de0f4e6e2d6519\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_hppa.deb\n Size/MD5 checksum: 1447726 4f6d058646cd78f86994eee61359df22\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_m68k.deb\n Size/MD5 checksum: 1159670 1438a6da0f5c0672075438df92e82695\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_mips.deb\n Size/MD5 checksum: 1352522 567e463657f21ec64870c1a243012b49\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_mipsel.deb\n Size/MD5 checksum: 1355460 3dec77ae54b897882091bb5501b349c7\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_powerpc.deb\n Size/MD5 checksum: 1316776 adaa0828d830d7145236ee2f216fe46d\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_s390.deb\n Size/MD5 checksum: 1401616 41b91f2eb90d26b1482696681552d9cb\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_sparc.deb\n Size/MD5 checksum: 1287378 3b1624ec028e9f7944edd3fc396b0778\n\n\n These files will probably be moved into the stable distribution on\n its next update. 
\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.3 (GNU/Linux)\n\niD8DBQFEbehrW5ql+IAeqTIRAu1bAJ0YQwvwCvugopyXVBCit2SwrYl+SACdF09d\nELcxVZUFQP8s43SsJQ3mlqo=\n=Niwk\n-----END PGP SIGNATURE-----\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200605-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Quagga Routing Suite: Multiple vulnerabilities\n Date: May 21, 2006\n Bugs: #132353\n ID: 200605-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nQuagga\u0027s RIP daemon allows the injection of routes and the disclosure\nof routing information. The BGP daemon is vulnerable to a Denial of\nService. \n\nBackground\n==========\n\nThe Quagga Routing Suite implements three major routing protocols: RIP\n(v1/v2/v3), OSPF (v2/v3) and BGP4. Gavrilenko discovered two flaws in the Routing\nInformation Protocol (RIP) daemon that allow the processing of RIP v1\npackets (carrying no authentication) even when the daemon is configured\nto use MD5 authentication or, in another case, even if RIP v1 is\ncompletely disabled. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.98.6-r1\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-2223\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2223\n [ 2 ] CVE-2006-2224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2224\n [ 3 ] CVE-2006-2276\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2276\n [ 4 ] Official release information\n http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=8#id1147115280\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200605-15.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2006-2276" }, { "db": "JVNDB", "id": "JVNDB-2006-000261" }, { "db": "BID", "id": "17979" }, { "db": "PACKETSTORM", "id": "46498" }, { "db": "PACKETSTORM", "id": "46526" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2006-2276", "trust": 2.9 }, { "db": "BID", "id": "17979", "trust": 2.7 }, { "db": "SECUNIA", "id": "20116", "trust": 2.4 }, { "db": "SECTRACK", "id": "1016204", "trust": 1.6 }, { "db": "SECUNIA", "id": "20782", "trust": 1.6 }, { "db": "SECUNIA", "id": "20138", "trust": 1.6 }, { "db": "SECUNIA", "id": "20221", "trust": 1.6 }, { "db": "SECUNIA", "id": "20420", "trust": 1.6 }, { "db": "SECUNIA", "id": "20137", "trust": 1.6 }, { "db": "SECUNIA", "id": "20421", "trust": 1.6 }, { "db": "OSVDB", "id": "25245", "trust": 1.6 }, { "db": "BID", "id": "17808", "trust": 0.8 }, { "db": "SECUNIA", "id": "19910", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2006-000261", "trust": 0.8 }, { "db": "MLIST", "id": "[QUAGGA-DEV] 20060329 QUAGGA LOCKS WITH COMMAND SH IP BGP COMMUNITY 1:*", "trust": 0.6 }, { "db": "UBUNTU", "id": "USN-284-1", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-1059", "trust": 0.6 }, { "db": "SGI", "id": "20060602-01-U", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2006:0533", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2006:0525", "trust": 0.6 }, { "db": "GENTOO", "id": "GLSA-200605-15", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200605-151", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "46498", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "46526", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "17979" }, { "db": "JVNDB", "id": "JVNDB-2006-000261" }, { "db": "PACKETSTORM", "id": "46498" }, { "db": 
"PACKETSTORM", "id": "46526" }, { "db": "CNNVD", "id": "CNNVD-200605-151" }, { "db": "NVD", "id": "CVE-2006-2276" } ] }, "id": "VAR-200605-0018", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-29T19:53:12.281000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "quagga", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=396" }, { "title": "RHSA-2006:0533", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2006-0533.html" }, { "title": "RHSA-2006:0525", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2006-0525.html" }, { "title": "RHSA-2006:0533", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0533j.html" }, { "title": "RHSA-2006:0525", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0525j.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2006-000261" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2006-2276" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/17979" }, { "trust": 1.9, "url": 
"http://lists.quagga.net/pipermail/quagga-dev/2006-march/004052.html" }, { "trust": 1.6, "url": "http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=4#id1146764580" }, { "trust": 1.6, "url": "http://www.osvdb.org/25245" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2006-0533.html" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2006-0525.html" }, { "trust": 1.6, "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "trust": 1.6, "url": "http://www.debian.org/security/2006/dsa-1059" }, { "trust": 1.6, "url": "http://securitytracker.com/id?1016204" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20782" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20421" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20420" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20221" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20138" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20137" }, { "trust": 1.6, "url": "http://secunia.com/advisories/20116" }, { "trust": 1.6, "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-u.asc" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10651" }, { "trust": 1.0, "url": "https://usn.ubuntu.com/284-1/" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2276" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-2276" }, { "trust": 0.8, "url": "http://secunia.com/advisories/19910/" }, { "trust": 0.8, "url": "http://secunia.com/advisories/20116/" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/17808" }, { "trust": 0.6, "url": "http://www.ubuntulinux.org/support/documentation/usn/usn-284-1" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2006-0525.html" }, { "trust": 0.3, "url": 
"http://rhn.redhat.com/errata/rhsa-2006-0533.html" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_s390.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2.dsc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2224" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.2_all.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_amd64.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2223" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_mipsel.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2276" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_alpha.deb" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_m68k.deb" }, { 
"trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_powerpc.deb" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2223" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-200605-15.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=8#id1147115280" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2224" } ], "sources": [ { "db": "BID", "id": "17979" }, { "db": "JVNDB", "id": "JVNDB-2006-000261" }, { "db": "PACKETSTORM", "id": "46498" }, { "db": "PACKETSTORM", "id": "46526" }, { "db": "CNNVD", "id": "CNNVD-200605-151" }, { "db": "NVD", "id": "CVE-2006-2276" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "17979" }, { "db": "JVNDB", "id": "JVNDB-2006-000261" }, { "db": "PACKETSTORM", "id": "46498" }, { "db": "PACKETSTORM", "id": "46526" }, { "db": "CNNVD", "id": "CNNVD-200605-151" }, { "db": "NVD", "id": "CVE-2006-2276" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-05-15T00:00:00", "db": "BID", "id": "17979" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-000261" }, { "date": "2006-05-22T06:20:21", "db": "PACKETSTORM", "id": "46498" }, { "date": "2006-05-22T07:26:25", "db": "PACKETSTORM", "id": "46526" }, { "date": "2006-05-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200605-151" }, { "date": "2006-05-10T02:14:00", "db": 
"NVD", "id": "CVE-2006-2276" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2006-11-29T21:30:00", "db": "BID", "id": "17979" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2006-000261" }, { "date": "2006-05-10T00:00:00", "db": "CNNVD", "id": "CNNVD-200605-151" }, { "date": "2018-10-03T21:40:00", "db": "NVD", "id": "CVE-2006-2276" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "17979" }, { "db": "CNNVD", "id": "CNNVD-200605-151" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga BGPD Local Denial Of Service Vulnerability", "sources": [ { "db": "BID", "id": "17979" }, { "db": "CNNVD", "id": "CNNVD-200605-151" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200605-151" } ], "trust": 0.6 } }
var-201110-0444
Vulnerability from variot
Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability 2. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674
[ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675
[ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948
[ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949
[ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323
[ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324
[ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325
[ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326
[ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
==========================================================================
Ubuntu Security Notice USN-1261-1
November 14, 2011
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3325)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1
Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1
Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement.
CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet.
CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga.
The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF.
For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1.
TITLE: Radfa Sabadkharid Arbitrary File Upload Vulnerability
SECUNIA ADVISORY ID: SA46244
VERIFY ADVISORY: http://secunia.com/advisories/46244/
RELEASE DATE: 2011-10-24
DESCRIPTION: A vulnerability has been reported in Radfa Sabadkharid, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the wysiwyg/editor/filemanager/upload/php/upload.php script not properly validating uploaded file types, which can be exploited to e.g. execute arbitrary PHP code through an uploaded PHP file.
SOLUTION: Reportedly, the vendor has issued a fix.
PROVIDED AND/OR DISCOVERED BY: St493r
ORIGINAL ADVISORY: http://www.sabadkharid.com/news/19/%D9%82%D8%A7%D8%A8%D9%84-%D8%AA%D9%88%D8%AC%D9%87-%D9%85%D8%B4%D8%AA%D8%B1%DB%8C%D8%A7%D9%86-%D9%82%D8%AF%DB%8C%D9%85%DB%8C-%D9%86%D8%B3%D8%AE%D9%87-%D8%AD%D8%B1%D9%81%D9%87-%D8%A7%DB%8C!.html
Red Hat Security Advisory

Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message
802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet
802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures
817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46244\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Radfa Sabadkharid, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to the\nwysiwyg/editor/filemanager/upload/php/upload.php script not properly\nvalidating uploaded file types, which can be exploited to e.g. \nexecute arbitrary PHP code through an uploaded PHP file. \n\nSOLUTION:\nReportedly, the vendor has issued a fix. \n\nPROVIDED AND/OR DISCOVERED BY:\nSt493r\n\nORIGINAL ADVISORY:\nhttp://www.sabadkharid.com/news/19/%D9%82%D8%A7%D8%A8%D9%84-%D8%AA%D9%88%D8%AC%D9%87-%D9%85%D8%B4%D8%AA%D8%B1%DB%8C%D8%A7%D9%86-%D9%82%D8%AF%DB%8C%D9%85%DB%8C-%D9%86%D8%B3%D8%AE%D9%87-%D8%AD%D8%B1%D9%81%D9%87-%D8%A7%DB%8C!.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: quagga security update\nAdvisory ID: RHSA-2012:1259-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html\nIssue date: 2012-09-12\nCVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 \n CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 \n CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 \n=====================================================================\n\n1. Summary:\n\nUpdated quagga packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 
6) - i386, x86_64\n\n3. Description:\n\nQuagga is a TCP/IP based routing software suite. The Quagga bgpd daemon\nimplements the BGP (Border Gateway Protocol) routing protocol. The Quagga\nospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)\nrouting protocol. \n\nA heap-based buffer overflow flaw was found in the way the bgpd daemon\nprocessed malformed Extended Communities path attributes. The UPDATE message would have to arrive from an explicitly\nconfigured BGP peer, but could have originated elsewhere in the BGP\nnetwork. (CVE-2011-3327)\n\nA stack-based buffer overflow flaw was found in the way the ospf6d daemon\nprocessed malformed Link State Update packets. An OSPF router could use\nthis flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)\n\nA flaw was found in the way the ospf6d daemon processed malformed link\nstate advertisements. An OSPF neighbor could use this flaw to crash\nospf6d on a target system. (CVE-2011-3324)\n\nA flaw was found in the way the ospfd daemon processed malformed Hello\npackets. An OSPF neighbor could use this flaw to crash ospfd on a\ntarget system. (CVE-2011-3325)\n\nA flaw was found in the way the ospfd daemon processed malformed link state\nadvertisements. An OSPF router in the autonomous system could use this flaw\nto crash ospfd on a target system. (CVE-2011-3326)\n\nAn assertion failure was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncause ospfd on an adjacent router to abort. (CVE-2012-0249)\n\nA buffer overflow flaw was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncrash ospfd on an adjacent router. (CVE-2012-0250)\n\nTwo flaws were found in the way the bgpd daemon processed certain BGP OPEN\nmessages. A configured BGP peer could cause bgpd on a target system to\nabort via a specially-crafted BGP OPEN message. 
(CVE-2012-0255,\nCVE-2012-1820)\n\nRed Hat would like to thank CERT-FI for reporting CVE-2011-3327,\nCVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the\nCERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and\nCVE-2012-1820. CERT-FI acknowledges Riku Hietam\u00e4ki, Tuomo Untinen and Jukka\nTaimisto of the Codenomicon CROSS project as the original reporters of\nCVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and\nCVE-2011-3326. The CERT/CC acknowledges Martin Winter at\nOpenSourceRouting.org as the original reporter of CVE-2012-0249,\nCVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original\nreporter of CVE-2012-1820. \n\nUsers of quagga should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the bgpd, ospfd, and ospf6d daemons will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. 
Bugs fixed (http://bugzilla.redhat.com/):\n\n738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA\n738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers\n738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type\n738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type\n738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes\n802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message\n802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet\n802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures\n817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)\n\n6. Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-contrib-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0255.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g\nP4VSjxs4xRnVCtT/IOkBkKQ=\n=VtuC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce", "sources": [ { "db": "NVD", "id": "CVE-2011-3327" }, { "db": "CERT/CC", "id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002373" }, { "db": "BID", "id": "49784" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "106135" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#668534", "trust": 3.5 }, { 
"db": "NVD", "id": "CVE-2011-3327", "trust": 3.2 }, { "db": "SECUNIA", "id": "46139", "trust": 1.6 }, { "db": "SECUNIA", "id": "48106", "trust": 1.0 }, { "db": "SECUNIA", "id": "46274", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002373", "trust": 0.8 }, { "db": "SECUNIA", "id": "46244", "trust": 0.7 }, { "db": "SECUNIA", "id": "46214", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-2316", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201109-587", "trust": 0.6 }, { "db": "BID", "id": "49784", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "110033", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105571", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106135", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116469", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002373" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "106135" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-587" }, { "db": "NVD", "id": "CVE-2011-3327" } ] }, "id": "VAR-201110-0444", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.25897437 }, "last_update_date": "2024-07-22T22:27:20.815000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.quagga.net" }, { "title": "bgpd: 
CVE-2011-3327", "trust": 0.8, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=94431dbc753171b48b5c6806af97fd690813b00a" }, { "title": "quagga-0.99.19.changelog", "trust": 0.8, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "title": "RHSA-2012:1259", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "title": "\u507d\u88c5\u3055\u308c\u305fOSPF\uff08v2,v3\uff09\u30d1\u30b1\u30c3\u30c8\u306b\u5bfe\u3059\u308b\u53d7\u4fe1\u51e6\u7406\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01141.html" }, { "title": "quagga-0.99.19", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40714" }, { "title": "quagga-master-513254", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40715" }, { "title": "quagga.git-94431dbc753171b48b5c6806af97fd690813b00a", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40713" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002373" }, { "db": "CNNVD", "id": "CNNVD-201109-587" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002373" }, { "db": "NVD", "id": "CVE-2011-3327" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "trust": 2.7, "url": "http://www.kb.cert.org/vuls/id/668534" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738400" }, { "trust": 1.6, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { 
"trust": 1.6, "url": "http://www.debian.org/security/2011/dsa-2316" }, { "trust": 1.6, "url": "http://secunia.com/advisories/46139" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "trust": 1.0, "url": "http://code.quagga.net/?p=quagga.git%3ba=commit%3bh=94431dbc753171b48b5c6806af97fd690813b00a" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46274" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48106" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-3327" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3327" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu668534" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3327" }, { "trust": 0.6, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=94431dbc753171b48b5c6806af97fd690813b00a" }, { "trust": 0.6, "url": "http://secunia.com/advisories/46214" }, { "trust": 0.6, "url": "http://secunia.com/advisories/46244" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { 
"trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.3, "url": "http://www.quagga.net/news2.php?y=2011\u0026m=9\u0026d=26#id1285509600" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { "trust": 0.2, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675" 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-4ubuntu1.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.15-1ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.18-2ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-1ubuntu0.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1261-1" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46244" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46244/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": 
"http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46244/" }, { "trust": 0.1, "url": "http://www.sabadkharid.com/news/19/%d9%82%d8%a7%d8%a8%d9%84-%d8%aa%d9%88%d8%ac%d9%87-%d9%85%d8%b4%d8%aa%d8%b1%db%8c%d8%a7%d9%86-%d9%82%d8%af%db%8c%d9%85%db%8c-%d9%86%d8%b3%d8%ae%d9%87-%d8%ad%d8%b1%d9%81%d9%87-%d8%a7%db%8c!.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1674.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0255.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0255" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1820.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1820" } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002373" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "106135" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-587" }, { "db": "NVD", "id": "CVE-2011-3327" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002373" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "106135" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-587" }, { 
"db": "NVD", "id": "CVE-2011-3327" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-26T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2011-09-26T00:00:00", "db": "BID", "id": "49784" }, { "date": "2011-10-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002373" }, { "date": "2012-02-22T02:10:03", "db": "PACKETSTORM", "id": "110033" }, { "date": "2011-11-15T15:35:22", "db": "PACKETSTORM", "id": "107001" }, { "date": "2011-10-05T23:00:08", "db": "PACKETSTORM", "id": "105571" }, { "date": "2011-10-24T07:34:49", "db": "PACKETSTORM", "id": "106135" }, { "date": "2012-09-12T23:06:05", "db": "PACKETSTORM", "id": "116468" }, { "date": "2012-09-12T23:06:22", "db": "PACKETSTORM", "id": "116469" }, { "date": "2011-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-587" }, { "date": "2011-10-10T10:55:06.690000", "db": "NVD", "id": "CVE-2011-3327" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-06T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2015-04-13T21:15:00", "db": "BID", "id": "49784" }, { "date": "2012-11-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002373" }, { "date": "2011-10-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-587" }, { "date": "2023-11-07T02:08:29.247000", "db": "NVD", "id": "CVE-2011-3327" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "CNNVD", "id": "CNNVD-201109-587" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple Quagga remote component vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#668534" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201109-587" } ], "trust": 0.6 } }
var-201204-0162
Vulnerability from variot
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition. Quagga is prone to multiple remote security vulnerabilities including: 1. A denial-of-service vulnerability 2. Multiple buffer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. Quagga versions prior to 0.99.20.1 are vulnerable.
Ubuntu Security Notice USN-1441-1 May 15, 2012
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash if it received specially crafted network traffic. (CVE-2012-0249, CVE-2012-0250)
It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. After a standard system update you need to restart Quagga to make all the necessary changes.
TITLE: Debian update for quagga
SECUNIA ADVISORY ID: SA48949
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48949/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48949
RELEASE DATE: 2012-04-26
DESCRIPTION: Debian has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA48388
SOLUTION: Apply updated packages via the apt-get package manager.
ORIGINAL ADVISORY: DSA-2459-1: http://lists.debian.org/debian-security-announce/2012/msg00092.html
Gentoo Linux Security Advisory GLSA 201310-08
http://security.gentoo.org/
Severity: Normal
Title: Quagga: Multiple vulnerabilities
Date: October 10, 2013
Bugs: #408507, #475706
ID: 201310-08
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could lead to arbitrary code execution. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.22.4"
References
[ 1 ] CVE-2012-0249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249
[ 2 ] CVE-2012-0250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250
[ 3 ] CVE-2012-0255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255
[ 4 ] CVE-2012-1820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820
[ 5 ] CVE-2013-2236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
This security update upgrades the quagga package to the most recent upstream release. This release includes other corrections, such as hardening against unknown BGP path attributes.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.20.1-0+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.20.1-1.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0162", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": 
"0.95" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.2" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.0" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.10" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.9" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.14" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.7" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.19" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.15" }, { "model": "quagga", "scope": 
"eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.13" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.8" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.12" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.11" }, { "model": "quagga", "scope": "lte", "trust": 1.0, "vendor": "quagga", "version": "0.99.20" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.17" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.18" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.16" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "quagga", "version": null }, { "model": "quagga", "scope": "lt", "trust": 0.8, "vendor": "quagga", "version": "0.99.20.1" }, { "model": "seil/b1", "scope": "eq", "trust": 0.8, "vendor": "internet initiative", "version": "3.70" }, { "model": "seil/x1", "scope": "eq", "trust": 0.8, "vendor": "internet initiative", "version": "3.70" }, { "model": "seil/x2", "scope": "eq", "trust": 0.8, "vendor": "internet initiative", "version": "3.70" }, { "model": "seil/x86", "scope": "eq", 
"trust": 0.8, "vendor": "internet initiative", "version": "2.20 to 2.31" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": 
"0.99.19" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.17" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.16" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.15" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.11" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.9" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.8" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.7" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.4" }, { "model": "routing 
software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "firewall enterprise 8.2.1p03", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "firewall enterprise 7.0.1.03h04", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "routing software suite", "scope": "ne", "trust": 0.3, "vendor": "quagga", "version": "0.99.20.1" }, { "model": "firewall enterprise 8.2.1p04", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "firewall enterprise 7.0.1.05.h05", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": 
"JVNDB", "id": "JVNDB-2012-002006" }, { "db": "CNNVD", "id": "CNNVD-201204-068" }, { "db": "NVD", "id": "CVE-2012-0255" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.99.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, 
{ "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-0255" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MU Dynamics.", "sources": [ { "db": "BID", "id": "52531" } ], "trust": 0.3 }, "cve": "CVE-2012-0255", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2012-0255", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, 
"userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "ADJACENT NETWORK", "authentication": "NONE", "author": "CARNEGIE MELLON", "availabilityImpact": "COMPLETE", "availabilityRequirement": "NOT DEFINED", "baseScore": 6.1, "collateralDamagePotential": "NOT DEFINED", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 4.8, "exploitability": "PROOF-OF-CONCEPT", "exploitabilityScore": 6.5, "id": "VU#551715", "impactScore": 6.9, "integrityImpact": "NONE", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "OFFICIAL FIX", "reportConfidence": "CONFIRMED", "severity": "MEDIUM", "targetDistribution": "NOT DEFINED", "trust": 0.8, "userInterationRequired": null, "vector_string": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-0255", "trust": 1.8, "value": "Medium" }, { "author": "CARNEGIE MELLON", "id": "VU#551715", "trust": 0.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201204-068", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "JVNDB", "id": "JVNDB-2012-002006" }, { "db": "CNNVD", "id": "CNNVD-201204-068" }, { "db": "NVD", "id": "CVE-2012-0255" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). 
Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition. Quagga is prone to multiple remote security vulnerabilities including:\n1. A denial-of-service vulnerability\n2. Multiple buffer-overflow vulnerabilities\nAn attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. \nQuagga versions prior to 0.99.20.1 are vulnerable. ============================================================================\nUbuntu Security Notice USN-1441-1\nMay 15, 2012\n\nquagga vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n\nSummary:\n\nQuagga could be made to crash if it received specially crafted network\ntraffic. (CVE-2012-0249,\nCVE-2012-0250)\n\nIt was discovered that Quagga incorrectly handled messages with a malformed\nFour-octet AS Number Capability. After a standard system update you need to restart Quagga to make\nall the necessary changes. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDebian update for quagga\n\nSECUNIA ADVISORY ID:\nSA48949\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48949/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48949\n\nRELEASE DATE:\n2012-04-26\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48949/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48949/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48949\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nDebian has issued an update for quagga. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to cause\na DoS (Denial of Service). \n\nFor more information:\nSA48388\n\nSOLUTION:\nApply updated packages via the apt-get package manager. 
\n\nORIGINAL ADVISORY:\nDSA-2459-1:\nhttp://lists.debian.org/debian-security-announce/2012/msg00092.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Quagga: Multiple vulnerabilities\n Date: October 10, 2013\n Bugs: #408507, #475706\n ID: 201310-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Quagga, the worst of which\ncould lead to arbitrary code execution. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.99.22.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-0249\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249\n[ 2 ] CVE-2012-0250\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250\n[ 3 ] CVE-2012-0255\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255\n[ 4 ] CVE-2012-1820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820\n[ 5 ] CVE-2013-2236\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). 
\n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: quagga security update\nAdvisory ID: RHSA-2012:1259-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html\nIssue date: 2012-09-12\nCVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 \n CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 \n CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 \n=====================================================================\n\n1. Summary:\n\nUpdated quagga packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. The Quagga bgpd daemon\nimplements the BGP (Border Gateway Protocol) routing protocol. The Quagga\nospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)\nrouting protocol. \n\nA heap-based buffer overflow flaw was found in the way the bgpd daemon\nprocessed malformed Extended Communities path attributes. An attacker could\nsend a specially-crafted BGP message, causing bgpd on a target system to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning bgpd. 
The UPDATE message would have to arrive from an explicitly\nconfigured BGP peer, but could have originated elsewhere in the BGP\nnetwork. (CVE-2011-3327)\n\nA stack-based buffer overflow flaw was found in the way the ospf6d daemon\nprocessed malformed Link State Update packets. An OSPF router could use\nthis flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)\n\nA flaw was found in the way the ospf6d daemon processed malformed link\nstate advertisements. An OSPF neighbor could use this flaw to crash\nospf6d on a target system. (CVE-2011-3324)\n\nA flaw was found in the way the ospfd daemon processed malformed Hello\npackets. An OSPF neighbor could use this flaw to crash ospfd on a\ntarget system. (CVE-2011-3325)\n\nA flaw was found in the way the ospfd daemon processed malformed link state\nadvertisements. An OSPF router in the autonomous system could use this flaw\nto crash ospfd on a target system. (CVE-2011-3326)\n\nAn assertion failure was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncause ospfd on an adjacent router to abort. (CVE-2012-0249)\n\nA buffer overflow flaw was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncrash ospfd on an adjacent router. (CVE-2012-0250)\n\nTwo flaws were found in the way the bgpd daemon processed certain BGP OPEN\nmessages. A configured BGP peer could cause bgpd on a target system to\nabort via a specially-crafted BGP OPEN message. (CVE-2012-0255,\nCVE-2012-1820)\n\nRed Hat would like to thank CERT-FI for reporting CVE-2011-3327,\nCVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the\nCERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and\nCVE-2012-1820. 
CERT-FI acknowledges Riku Hietam\u00e4ki, Tuomo Untinen and Jukka\nTaimisto of the Codenomicon CROSS project as the original reporters of\nCVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and\nCVE-2011-3326. The CERT/CC acknowledges Martin Winter at\nOpenSourceRouting.org as the original reporter of CVE-2012-0249,\nCVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original\nreporter of CVE-2012-1820. \n\nUsers of quagga should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the bgpd, ospfd, and ospf6d daemons will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-contrib-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0255.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g\nP4VSjxs4xRnVCtT/IOkBkKQ=\n=VtuC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \n\nThis security update upgrades the quagga package to the most recent\nupstream release. This release includes other corrections, such as\nhardening against unknown BGP path attributes. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.99.20.1-0+squeeze1. 
\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 0.99.20.1-1", "sources": [ { "db": "NVD", "id": "CVE-2012-0255" }, { "db": "CERT/CC", "id": "VU#551715" }, { "db": "JVNDB", "id": "JVNDB-2012-002006" }, { "db": "BID", "id": "52531" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#551715", "trust": 3.2 }, { "db": "NVD", "id": "CVE-2012-0255", "trust": 3.1 }, { "db": "SECUNIA", "id": "48949", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-002006", "trust": 0.8 }, { "db": "NSFOCUS", "id": "20679", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20685", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201204-068", "trust": 0.6 }, { "db": "BID", "id": "52531", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "112732", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112206", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123565", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116469", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112209", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002006" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" }, { "db": "CNNVD", "id": "CNNVD-201204-068" }, { "db": "NVD", "id": "CVE-2012-0255" } ] }, "id": "VAR-201204-0162", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-04T07:19:31.075000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FEDORA-2012-5436", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078926.html" }, { "title": "FEDORA-2012-5411", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078910.html" }, { "title": "FEDORA-2012-5352", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078794.html" }, { "title": "Quagga Routing Suite", "trust": 0.8, "url": "http://www.nongnu.org/quagga/" }, { "title": "RHSA-2012:1259", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "title": "Multiple Vulnerabilities in Quagga", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_quagga" }, { "title": "\u507d\u88c5\u3055\u308c\u305fBGP\u30d1\u30b1\u30c3\u30c8\u306b\u5bfe\u3059\u308b\u53d7\u4fe1\u51e6\u7406\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01220.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002006" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002006" }, { "db": "NVD", "id": "CVE-2012-0255" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": 
"@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.kb.cert.org/vuls/id/551715" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "trust": 1.1, "url": "http://www.nongnu.org/quagga/" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078794.html" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078926.html" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078910.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48949" }, { "trust": 1.0, "url": "http://www.debian.org/security/2012/dsa-2459" }, { "trust": 0.8, "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0255" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu551715/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0255" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20685" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20679" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0255" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb76173" }, { "trust": 0.3, "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=7151" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1820" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.11.04.2" }, 
{ "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.11.10.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1441-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.12.04.2" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48949" }, { "trust": 0.1, "url": "http://lists.debian.org/debian-security-announce/2012/msg00092.html" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48949/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48949/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1820" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201310-08.xml" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2236" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2236" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0249" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0250" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0255" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0255.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1820.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002006" }, { "db": "PACKETSTORM", 
"id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" }, { "db": "CNNVD", "id": "CNNVD-201204-068" }, { "db": "NVD", "id": "CVE-2012-0255" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002006" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" }, { "db": "CNNVD", "id": "CNNVD-201204-068" }, { "db": "NVD", "id": "CVE-2012-0255" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-03-23T00:00:00", "db": "CERT/CC", "id": "VU#551715" }, { "date": "2012-03-16T00:00:00", "db": "BID", "id": "52531" }, { "date": "2012-04-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002006" }, { "date": "2012-05-15T21:57:44", "db": "PACKETSTORM", "id": "112732" }, { "date": "2012-04-26T01:55:38", "db": "PACKETSTORM", "id": "112206" }, { "date": "2013-10-10T12:14:00", "db": "PACKETSTORM", "id": "123565" }, { "date": "2012-09-12T23:06:22", "db": "PACKETSTORM", "id": "116469" }, { "date": "2012-04-26T21:55:46", "db": "PACKETSTORM", "id": "112209" }, { "date": "2010-04-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-068" }, { "date": "2012-04-05T13:25:00", "db": "NVD", "id": "CVE-2012-0255" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-03-28T00:00:00", "db": "CERT/CC", "id": "VU#551715" }, { "date": "2015-04-13T21:16:00", "db": "BID", "id": "52531" }, { "date": "2012-11-13T00:00:00", 
"db": "JVNDB", "id": "JVNDB-2012-002006" }, { "date": "2012-04-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-068" }, { "date": "2018-01-18T02:29:00", "db": "NVD", "id": "CVE-2012-0255" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "112732" }, { "db": "CNNVD", "id": "CNNVD-201204-068" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#551715" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-068" } ], "trust": 0.6 } }
var-200312-0227
Vulnerability from variot
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. In GNU Zebra, when a password is set and connections to the zebra module's management port are enabled, sending an undefined code that does not exist as a telnet option when connecting causes a segmentation violation that crashes the zebra daemon. The zebra daemon may be left in a denial-of-service (DoS) state. It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer. All versions of GNU Zebra are said to be vulnerable to this issue. All versions of Quagga prior to 0.96.4 are also vulnerable.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200312-0227", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.95" }, { "model": "propack", "scope": "eq", "trust": 1.3, "vendor": "sgi", "version": "2.3" }, 
{ "model": "propack", "scope": "eq", "trust": 1.3, "vendor": "sgi", "version": "2.2.1" }, { "model": "zebra", "scope": "eq", "trust": 1.0, "vendor": "gnu", "version": "0.92a" }, { "model": "zebra", "scope": "eq", "trust": 1.0, "vendor": "gnu", "version": "0.91a" }, { "model": "quagga", "scope": "lte", "trust": 1.0, "vendor": "quagga", "version": "0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.1" }, { "model": "zebra", "scope": "eq", "trust": 1.0, "vendor": "gnu", "version": "0.93a" }, { "model": "zebra", "scope": "eq", "trust": 1.0, "vendor": "gnu", "version": "0.93b" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.2" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.3" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "9" }, { "model": "quagga", "scope": "eq", "trust": 0.6, "vendor": "quagga", "version": "0.96.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.2" }, { "model": "zebra b", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.93" }, { "model": "zebra a", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.93" }, { "model": "zebra a", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.92" }, { "model": "zebra a", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.91" }, { "model": "routing software suite", "scope": "ne", "trust": 0.3, "vendor": "quagga", "version": "0.96.4" } ], "sources": [ { "db": "BID", "id": "9029" }, { "db": "JVNDB", "id": "JVNDB-2003-000343" }, { "db": "CNNVD", "id": "CNNVD-200312-062" }, { 
"db": "NVD", "id": "CVE-2003-0795" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.96.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0795" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory", "sources": [ { "db": "CNNVD", "id": "CNNVD-200312-062" } ], "trust": 0.6 }, "cve": "CVE-2003-0795", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" 
}, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2003-0795", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2003-0795", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200312-062", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000343" }, { "db": "CNNVD", "id": "CNNVD-200312-062" }, { "db": "NVD", "id": "CVE-2003-0795" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. 
GNU Zebra A password is set, and zebra If the connection to the module\u0027s management port is valid: telnet Sending an undefined code that does not exist as an option when connecting will cause a segmentation violation, zebra A vulnerability exists that causes the daemon to crash.zebra Daemon interferes with service operation (DoS) It may be in a state. It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer. \nAll versions of GNU Zebra are said to be vulnerable to this issue. All versions of Quagga prior to 0.96.4 are also vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2003-0795" }, { "db": "JVNDB", "id": "JVNDB-2003-000343" }, { "db": "BID", "id": "9029" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2003-0795", "trust": 2.7 }, { "db": "SECUNIA", "id": "10563", "trust": 1.6 }, { "db": "BID", "id": "9029", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2003-000343", "trust": 0.8 }, { "db": "REDHAT", "id": "RHSA-2003:305", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2003:307", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-415", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20031114 QUAGGA REMOTE VULNERABILITY", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200312-062", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "9029" }, { "db": "JVNDB", "id": "JVNDB-2003-000343" }, { "db": "CNNVD", "id": "CNNVD-200312-062" }, { "db": "NVD", "id": "CVE-2003-0795" } ] }, "id": "VAR-200312-0227", 
"iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-04T09:27:10.240000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "RHSA-2003:307", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2003-307.html" }, { "title": "RHSA-2003:307", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-307j.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000343" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0795" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2003-307.html" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2003-305.html" }, { "trust": 1.6, "url": "http://www.debian.org/security/2004/dsa-415" }, { "trust": 1.6, "url": "http://secunia.com/advisories/10563" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=106883387304266\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0795" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0795" }, { "trust": 0.8, "url": 
"http://www.securityfocus.com/bid/9029" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106883387304266\u0026w=2" }, { "trust": 0.3, "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000789" }, { "trust": 0.3, "url": "http://archives.neohapsis.com/archives/vendor/2004-q1/0011.html" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2003-305.html" }, { "trust": 0.3, "url": "/archive/1/344491" } ], "sources": [ { "db": "BID", "id": "9029" }, { "db": "JVNDB", "id": "JVNDB-2003-000343" }, { "db": "CNNVD", "id": "CNNVD-200312-062" }, { "db": "NVD", "id": "CVE-2003-0795" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "9029" }, { "db": "JVNDB", "id": "JVNDB-2003-000343" }, { "db": "CNNVD", "id": "CNNVD-200312-062" }, { "db": "NVD", "id": "CVE-2003-0795" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2003-11-12T00:00:00", "db": "BID", "id": "9029" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000343" }, { "date": "2003-11-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200312-062" }, { "date": "2003-12-15T05:00:00", "db": "NVD", "id": "CVE-2003-0795" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-07-12T00:56:00", "db": "BID", "id": "9029" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000343" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200312-062" }, { "date": "2016-10-18T02:37:00", "db": "NVD", "id": "CVE-2003-0795" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200312-062" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "GNU Zebra Undefined in Telnet Service operation disruption due to connection options (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000343" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200312-062" } ], "trust": 0.6 } }
var-201009-0230
Vulnerability from variot
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. Quagga is a routing software suite that implements multiple routing protocols on Unix platforms. Quagga's bgpd daemon has a NULL pointer dereference vulnerability when parsing the AS path. A configured BGP peer can send a BGP UPDATE message with an unknown AS type, causing the daemon to crash. Quagga is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference in the Border Gateway Protocol daemon (bgpd). Versions prior to Quagga 0.99.17 are vulnerable.
Gentoo Linux Security Advisory GLSA 201202-02
http://security.gentoo.org/
Severity: High
Title: Quagga: Multiple vulnerabilities
Date: February 21, 2012
Bugs: #334303, #359903, #384651
ID: 201202-02
Synopsis
Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code.
Background
Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 0.99.20 >= 0.99.20
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674
[ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675
[ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948
[ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949
[ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323
[ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324
[ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325
[ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326
[ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Debian Security Advisory DSA-2104-1
security@debian.org
http://www.debian.org/security/
Florian Weimer
September 06, 2010
http://www.debian.org/security/faq
Package : quagga
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-2948 CVE-2010-2949
Debian Bug : 594262
Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon. In some configurations, such crafted AS paths could be relayed by intermediate BGP routers.
In addition, this update contains a reliability fix: Quagga will no longer advertise confederation-related AS paths to non-confederation peers, and reject unexpected confederation-related AS paths by resetting the session with the BGP peer which is advertising them. (Previously, such AS paths would trigger resets of unrelated BGP sessions.)
For the stable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny3.
For the unstable distribution (sid) and the testing distribution (squeeze), these problems have been fixed in version 0.99.17-1.
We recommend that you upgrade your quagga package.
Upgrade instructions
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
Updated packages are available that bring Quagga to version 0.99.17 which provides numerous bugfixes over the previous 0.99.12 version, and also corrects these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2949
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
===========================================================
Ubuntu Security Notice USN-1027-1 December 07, 2010
quagga vulnerabilities
CVE-2010-2948, CVE-2010-2949
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.7
Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.4
Ubuntu 9.10: quagga 0.99.13-1ubuntu0.1
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Quagga incorrectly handled certain Outbound Route Filtering (ORF) records. The default compiler options for Ubuntu 8.04 LTS and later should reduce the vulnerability to a denial of service. (CVE-2010-2948)
It was discovered that Quagga incorrectly parsed certain AS paths
"cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-2949" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Chris Hall", "sources": [ { "db": "BID", "id": "42642" }, { "db": "CNNVD", "id": "CNNVD-201009-094" } ], "trust": 0.9 }, "cve": "CVE-2010-2949", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2010-2949", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-2949", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201009-094", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002551" }, { "db": "CNNVD", "id": "CNNVD-201009-094" }, { "db": "NVD", "id": "CVE-2010-2949" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. Quagga is a routing software suite that implements multiple routing protocols on Unix platforms. 
Quagga\u0027s bgpd daemon has a null pointer reference vulnerability when parsing the AS path. The configured BGP peer can send a BGP update request with an unknown AS type causing the daemon to crash. Quagga is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference in the Border Gateway Protocol daemon (bgpd). \nVersions prior to Quagga 0.99.17 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201202-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Quagga: Multiple vulnerabilities\n Date: February 21, 2012\n Bugs: #334303, #359903, #384651\n ID: 201202-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Quagga, the worst of which\nleading to remote execution of arbitrary code. \n\nBackground\n==========\n\nQuagga is a free routing daemon replacing Zebra supporting RIP, OSPF\nand BGP. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 0.99.20 \u003e= 0.99.20\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Quagga. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.99.20 \"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1674\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674\n[ 2 ] CVE-2010-1675\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675\n[ 3 ] CVE-2010-2948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948\n[ 4 ] CVE-2010-2949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949\n[ 5 ] CVE-2011-3323\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323\n[ 6 ] CVE-2011-3324\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324\n[ 7 ] CVE-2011-3325\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325\n[ 8 ] CVE-2011-3326\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326\n[ 9 ] CVE-2011-3327\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201202-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2104-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nSeptember 06, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : quagga\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-2948 CVE-2010-2949\nDebian Bug : 594262\n\nSeveral remote vulnerabilities have been discovered in the BGP\nimplementation of Quagga, a routing daemon. In some configurations, such crafted AS paths could\n\tbe relayed by intermediate BGP routers. \n\nIn addition, this update contains a reliability fix: Quagga will no\nlonger advertise confederation-related AS paths to non-confederation\npeers, and reject unexpected confederation-related AS paths by\nresetting the session with the BGP peer which is advertising them. \n(Previously, such AS paths would trigger resets of unrelated BGP\nsessions.)\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.99.10-1lenny3. \n\nFor the unstable distribution (sid) and the testing distribution\n(squeeze), these problems have been fixed in version 0.99.17-1. \n\nWe recommend that you upgrade your quagga package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. 
\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz\n Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.diff.gz\n Size/MD5 checksum: 42826 100dbb936b3b0f0d4fb4947bf384d369\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.dsc\n Size/MD5 checksum: 1651 f5b9c26538e9d32008ad0256fe4ad0ed\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny3_all.deb\n Size/MD5 checksum: 661354 f843c6f765a48f7e071a52d3c7834d2f\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_alpha.deb\n Size/MD5 checksum: 1902990 0f85c30d5f719f9c104f5a8977a5d1a0\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_amd64.deb\n Size/MD5 checksum: 1749952 89a53689c4daf3f0695ea2c21aa93254\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_arm.deb\n Size/MD5 checksum: 1449792 3c53e06e4d27ef8cf391533824668b19\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_armel.deb\n Size/MD5 checksum: 1457202 e52ae364e20ff137c5e0e5f75bfc1ec1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_hppa.deb\n Size/MD5 checksum: 1683924 c8172ed22b010569949977f407c282b6\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_i386.deb\n Size/MD5 checksum: 1608678 e7b5fbd36e4466cdecaca46f1f96642b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_ia64.deb\n Size/MD5 checksum: 2256144 
75ebe4e12a3e22ef79e5e3dab2d457bf\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mips.deb\n Size/MD5 checksum: 1605990 f33ef3d9b31f0da900aba6a20bdd188d\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mipsel.deb\n Size/MD5 checksum: 1601240 68ff751ff9c022cc06db8d0d66895a6e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_powerpc.deb\n Size/MD5 checksum: 1717802 931505a31bdcc1a7732a9a2e9f295a01\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_s390.deb\n Size/MD5 checksum: 1794990 7d52667f3f37553256e87b77450dc309\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_sparc.deb\n Size/MD5 checksum: 1671232 3706818c39b51bb45c58a0cf8fdba202\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n. 
\n \n Updated packages are available that bring Quagga to version 0.99.17\n which provides numerous bugfixes over the previous 0.99.12 version,\n and also corrects these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2948\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2949\n _______________________________________________________________________\n\n Updated Packages:\n\n Corporate 4.0:\n 982061c8bac57d5878a2dbd9747234f4 corporate/4.0/i586/libquagga0-0.99.17-0.1.20060mlcs4.i586.rpm\n 53b1e909e046539dcfd55f9b1f62e7ea corporate/4.0/i586/libquagga0-devel-0.99.17-0.1.20060mlcs4.i586.rpm\n 796ef3f10f793f6546ce6a0525082fa5 corporate/4.0/i586/quagga-0.99.17-0.1.20060mlcs4.i586.rpm\n 423c4032225687b252ddb3887db1f226 corporate/4.0/i586/quagga-contrib-0.99.17-0.1.20060mlcs4.i586.rpm \n 9f63365fc185a7bdf930a80cb6615c7d corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 9b36814efd0751aa81e38baec0d2bae6 corporate/4.0/x86_64/lib64quagga0-0.99.17-0.1.20060mlcs4.x86_64.rpm\n 64ab6ba845a97236ffd2898e0aef892d corporate/4.0/x86_64/lib64quagga0-devel-0.99.17-0.1.20060mlcs4.x86_64.rpm\n 7d259ae75e30e1d172e340cc232d1ff2 corporate/4.0/x86_64/quagga-0.99.17-0.1.20060mlcs4.x86_64.rpm\n 2f3390db2bae0e0d505ec759e0a15232 corporate/4.0/x86_64/quagga-contrib-0.99.17-0.1.20060mlcs4.x86_64.rpm \n 9f63365fc185a7bdf930a80cb6615c7d corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFMi592mqjQ0CJFipgRAoHFAJ0XDJVqB+SJmOHZ0hrPlMgjTMYeNgCgwxRw\nAMo+uyGwHeG+uyLmOzKKMOs=\n=ahfH\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ===========================================================\nUbuntu Security Notice USN-1027-1 December 07, 2010\nquagga vulnerabilities\nCVE-2010-2948, CVE-2010-2949\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.10\nUbuntu 10.04 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n quagga 0.99.2-1ubuntu3.7\n\nUbuntu 8.04 LTS:\n quagga 0.99.9-2ubuntu1.4\n\nUbuntu 9.10:\n quagga 0.99.13-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n quagga 0.99.15-1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nDetails follow:\n\nIt was discovered that Quagga incorrectly handled certain Outbound Route\nFiltering (ORF) records. \nThe default compiler options for Ubuntu 8.04 LTS and later should reduce\nthe vulnerability to a denial of service. 
(CVE-2010-2948)\n\nIt was discovered that Quagga incorrectly parsed certain AS paths", "sources": [ { "db": "NVD", "id": "CVE-2010-2949" }, { "db": "JVNDB", "id": "JVNDB-2010-002551" }, { "db": "CNVD", "id": "CNVD-2010-1779" }, { "db": "BID", "id": "42642" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "93585" }, { "db": "PACKETSTORM", "id": "93746" }, { "db": "PACKETSTORM", "id": "96482" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-2949", "trust": 3.7 }, { "db": "SECUNIA", "id": "41038", "trust": 3.0 }, { "db": "BID", "id": "42642", "trust": 2.7 }, { "db": "SECUNIA", "id": "42446", "trust": 2.4 }, { "db": "VUPEN", "id": "ADV-2010-3124", "trust": 2.4 }, { "db": "VUPEN", "id": "ADV-2010-2304", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2010-3097", "trust": 1.6 }, { "db": "SECUNIA", "id": "48106", "trust": 1.6 }, { "db": "SECUNIA", "id": "42397", "trust": 1.6 }, { "db": "SECUNIA", "id": "41238", "trust": 1.6 }, { "db": "SECUNIA", "id": "42498", "trust": 1.6 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2010/08/25/4", "trust": 1.6 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2010/08/24/3", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2010-002551", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2010-1779", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201009-094", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "110033", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "93585", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "93746", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "96482", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1779" }, { "db": "BID", "id": "42642" }, { "db": "JVNDB", "id": "JVNDB-2010-002551" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "93585" }, { 
"db": "PACKETSTORM", "id": "93746" }, { "db": "PACKETSTORM", "id": "96482" }, { "db": "CNNVD", "id": "CNNVD-201009-094" }, { "db": "NVD", "id": "CVE-2010-2949" } ] }, "id": "VAR-201009-0230", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2010-1779" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1779" } ] }, "last_update_date": "2024-07-23T22:12:06.629000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "bgpd: fix handling of AS path data", "trust": 0.8, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=cddb8112b80fa9867156c637d63e6e79eeac67bb" }, { "title": "Index of /releases/quagga", "trust": 0.8, "url": "http://download.savannah.gnu.org/releases/quagga/" }, { "title": "RHSA-2010:0945", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0945.html" }, { "title": "Multiple Denial of Service vulnerabilities in Quagga", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities4" }, { "title": "Quagga bgpd null pointer reference denial of service patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/919" }, { "title": "quagga-0.99.17.tar", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=34542" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1779" }, { "db": 
"JVNDB", "id": "JVNDB-2010-002551" }, { "db": "CNNVD", "id": "CNNVD-201009-094" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002551" }, { "db": "NVD", "id": "CVE-2010-2949" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/41038" }, { "trust": 2.4, "url": "http://secunia.com/advisories/42446" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/42642" }, { "trust": 2.4, "url": "http://www.vupen.com/english/advisories/2010/3124" }, { "trust": 1.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626795" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "trust": 1.6, "url": "http://www.debian.org/security/2010/dsa-2104" }, { "trust": 1.6, "url": "http://secunia.com/advisories/48106" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "trust": 1.6, "url": "http://secunia.com/advisories/42397" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "trust": 1.6, "url": "http://secunia.com/advisories/42498" }, { "trust": 1.6, "url": "http://code.quagga.net/?p=quagga.git%3ba=commit%3bh=cddb8112b80fa9867156c637d63e6e79eeac67bb" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2010-0945.html" }, { "trust": 1.6, "url": 
"http://www.ubuntu.com/usn/usn-1027-1" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/41238" }, { "trust": 1.6, "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:174" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2949" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2949" }, { "trust": 0.6, "url": "http://secunia.com/advisories/41038/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949" }, { "trust": 0.3, "url": "http://permalink.gmane.org/gmane.comp.security.oss.general/3347" }, { "trust": 0.3, "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19#id1282241100" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.1, "url": 
"http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_s390.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_armel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny3_all.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mips.deb" }, { "trust": 0.1, 
"url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mipsel.deb" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_sparc.deb" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2948" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.13-1ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_sparc.deb" }, { "trust": 0.1, 
"url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.4_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.15-1ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.7_all.deb" }, { "trust": 0.1, "url": 
"http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.7_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.4.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15.orig.tar.gz" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-1779" }, { "db": "BID", "id": "42642" }, { "db": "JVNDB", "id": "JVNDB-2010-002551" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "93585" }, { "db": "PACKETSTORM", "id": "93746" }, { "db": "PACKETSTORM", "id": "96482" }, { "db": "CNNVD", "id": "CNNVD-201009-094" }, { "db": "NVD", "id": "CVE-2010-2949" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2010-1779" }, { "db": "BID", "id": "42642" }, { "db": "JVNDB", "id": "JVNDB-2010-002551" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "93585" }, { "db": "PACKETSTORM", "id": "93746" }, { "db": "PACKETSTORM", "id": "96482" }, { "db": "CNNVD", "id": "CNNVD-201009-094" }, { "db": "NVD", "id": "CVE-2010-2949" } ] }, "sources_release_date": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-09-03T00:00:00", "db": "CNVD", "id": "CNVD-2010-1779" }, { "date": "2010-08-24T00:00:00", "db": "BID", "id": "42642" }, { "date": "2010-12-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002551" }, { "date": "2012-02-22T02:10:03", "db": "PACKETSTORM", "id": "110033" }, { "date": "2010-09-08T03:57:17", "db": "PACKETSTORM", "id": "93585" }, { "date": "2010-09-11T19:28:36", "db": "PACKETSTORM", "id": "93746" }, { "date": "2010-12-08T19:17:16", "db": "PACKETSTORM", "id": "96482" }, { "date": "2010-08-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201009-094" }, { "date": "2010-09-10T19:00:02.597000", "db": "NVD", "id": "CVE-2010-2949" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-09-03T00:00:00", "db": "CNVD", "id": "CNVD-2010-1779" }, { "date": "2013-07-18T18:23:00", "db": "BID", "id": "42642" }, { "date": "2012-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002551" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201009-094" }, { "date": "2023-02-13T04:21:24.037000", "db": "NVD", "id": "CVE-2010-2949" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "93585" }, { "db": "PACKETSTORM", "id": "93746" }, { "db": "PACKETSTORM", "id": "96482" }, { "db": "CNNVD", "id": "CNNVD-201009-094" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga of bgpd Service disruption in (DoS) Vulnerabilities", "sources": [ 
{ "db": "JVNDB", "id": "JVNDB-2010-002551" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201009-094" } ], "trust": 0.6 } }
var-200709-0225
Vulnerability from variot
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. Quagga Routing Suite is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. These issues affect versions prior to Quagga Routing Suite 0.99.9.
Updated packages are available that bring Quagga to version 0.99.9, which provides numerous bugfixes over the previous 0.99.3 version and also corrects this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4826
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
-- Debian GNU/Linux 3.1 alias sarge --
Source archives:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz Size/MD5 checksum: 2118348 68be5e911e4d604c0f5959338263356e http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.diff.gz Size/MD5 checksum: 43910 8bfd06c851172358137d7b67d5f90490 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.dsc Size/MD5 checksum: 1017 69dc4e5de4de00ec723ecaad6f285af8
-- Debian GNU/Linux 4.0 alias etch --
Source archives:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz Size/MD5 checksum: 2311140 3f9c71aca6faa22a889e2f84ecfd0076 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.dsc Size/MD5 checksum: 1046 3a36e812322157de715626cbe04c519f http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.diff.gz Size/MD5 checksum: 33551 0de3c5021dbed0e4739f88b6f00a9c59
-- Debian GNU/Linux unstable alias sid --
Fixed in version 0.99.9-1.
Ubuntu Security Notice USN-512-1
September 15, 2007
quagga vulnerability
CVE-2007-4826
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS, Ubuntu 6.10, Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.3
Ubuntu 6.10: quagga 0.99.4-4ubuntu1.2
Ubuntu 7.04: quagga 0.99.6-2ubuntu3.2
In general, a standard system upgrade is sufficient to effect the necessary changes.
For more information: SA24808 SA26744
The vulnerabilities have been reported in GNU Zebra and Quagga BGP Routing Daemon included in Solaris 10 for both the SPARC and x86 platforms.
SOLUTION: Apply patches.
-- SPARC Platform --
Apply patch 126206-04 or later.
-- x86 Platform --
Apply patch 126207-04 or later.
TITLE: Quagga Multiple Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA26744
VERIFY ADVISORY: http://secunia.com/advisories/26744/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: Quagga 0.x http://secunia.com/product/4731/
DESCRIPTION: Some vulnerabilities have been reported in Quagga, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerabilities are caused due to bgpd improperly handling messages and attributes sent by peers. This can be exploited to crash bgpd by sending a specially crafted "OPEN" message or a specially crafted "COMMUNITY" attribute to the affected server.
Successful exploitation requires that the attacker is configured as peer of the victim system, and that the debugging of BGP updates is on.
The vulnerabilities are reported in versions prior to 0.99.9.
SOLUTION: Fixed in unstable version 0.99.9.
Connect to trusted peers only.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Mu Security.
ORIGINAL ADVISORY: http://www.quagga.net/download/quagga-0.99.9.changelog.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200709-0225", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "lte", "trust": 1.8, "vendor": "quagga", "version": "0.99.8" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", 
"scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.0" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", 
"version": "0.99.7" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.95" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.3" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "10 (x86)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "quagga", "scope": "eq", "trust": 0.6, "vendor": "quagga", "version": 
"0.99.8" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0.5" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "3.0" }, { "model": "secure linux", "scope": "eq", "trust": 0.3, "vendor": "trustix", "version": "2.2" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { 
"model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "hat fedora core7", "scope": null, "trust": 0.3, "vendor": "red", "version": null }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "4" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.8" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.7" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "interactive response", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "routing software suite", "scope": "ne", "trust": 0.3, "vendor": "quagga", "version": "0.99.9" } ], "sources": [ { "db": "BID", "id": "25634" }, { "db": "JVNDB", 
"id": "JVNDB-2007-001159" }, { "db": "CNNVD", "id": "CNNVD-200709-152" }, { "db": "NVD", "id": "CVE-2007-4826" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.99.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-4826" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mu Security", "sources": [ { "db": "CNNVD", "id": "CNNVD-200709-152" } ], "trust": 0.6 }, "cve": "CVE-2007-4826", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2007-4826", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-4826", "trust": 1.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-200709-152", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001159" }, { "db": "CNNVD", "id": "CNNVD-200709-152" }, { "db": "NVD", "id": "CVE-2007-4826" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. Quagga Routing Suite is prone to a multiple denial-of-service vulnerabilities. \nAn attacker can exploit these issues to crash the affected application, denying service to legitimate users. \nThese issues affect versions prior to Quagga Routing Suite 0.99.9. 
\n \n Updated packages are available that bring Quagga to version 0.99.9\n which provides numerous bugfixes over the previous 0.99.3 version,\n and also correct this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4826\n _______________________________________________________________________\n \n Updated Packages:\n \n Corporate 4.0:\n\n Corporate 4.0/X86_64:\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. 
You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n\n. 
\n\n-- Debian GNU/Linux 3.1 alias sarge --\n\n-- Debian GNU/Linux 4.0 alias etch --\n\n-- Debian GNU/Linux unstable alias sid --\n\nFixed in version 0.99.9-1. 
=========================================================== \nUbuntu Security Notice USN-512-1 September 15, 2007\nquagga vulnerability\nCVE-2007-4826\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n quagga 0.99.2-1ubuntu3.3\n\nUbuntu 6.10:\n quagga 0.99.4-4ubuntu1.2\n\nUbuntu 7.04:\n quagga 0.99.6-2ubuntu3.2\n\nIn general, a standard system upgrade is sufficient to affect the\nnecessary changes. ----------------------------------------------------------------------\n\nFor more information:\nSA24808\nSA26744\n\nThe vulnerabilities have been reported in GNU Zebra and Quagga BGP\nRouting Daemon included in Solaris 10 for both the SPARC and x86\nplatforms. \n\nSOLUTION:\nApply patches. \n\n-- SPARC Platform --\n\nApply patch 126206-04 or later. \n\n-- x86 Platform --\n\nApply patch 126207-04 or later. 
\n\n----------------------------------------------------------------------\n\nTITLE:\nQuagga Multiple Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26744\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26744/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nQuagga 0.x\nhttp://secunia.com/product/4731/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Quagga, which can be\nexploited by malicious users to cause a DoS (Denial of Service). \n\nThe vulnerabilities are caused due to bgpd improperly handling\nmessages and attributes sent by peers. This can be exploited to crash\nbgpd by sending a specially crafted \"OPEN\" message or a specially\ncrafted \"COMMUNITY\" attribute to the affected server. \n\nSuccessful exploitation requires that the attacker is configured as\npeer of the victim system, and that the debugging of BGP updates is\non. \n\nThe vulnerabilities are reported in versions prior to 0.99.9. \n\nSOLUTION:\nFixed in unstable version 0.99.9. \n\nConnect to trusted peers only. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Mu Security. 
\n\nORIGINAL ADVISORY:\nhttp://www.quagga.net/download/quagga-0.99.9.changelog.txt
\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-4826" }, { "db": "JVNDB", "id": "JVNDB-2007-001159" }, { "db": "BID", "id": "25634" }, { "db": "PACKETSTORM", "id": "59307" }, { "db": "PACKETSTORM", "id": "59758" }, { "db": "PACKETSTORM", "id": "59371" }, { "db": "PACKETSTORM", "id": "59341" }, { "db": "PACKETSTORM", "id": "65543" }, { "db": "PACKETSTORM", "id": "59220" }, { "db": "PACKETSTORM", "id": "59440" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-4826", "trust": 2.9 }, { "db": "BID", "id": "25634", "trust": 2.7 }, { "db": "SECUNIA", "id": "26744", "trust": 2.5 }, { "db": "SECUNIA", "id": "27049", "trust": 1.7 }, { "db": "SECUNIA", "id": "26829", "trust": 1.7 }, { "db": "SECUNIA", "id": "29743", "trust": 1.7 }, { "db": "SECUNIA", "id": "26863", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-3129", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2008-1195", "trust": 1.6 }, { "db": "XF", "id": "36551", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2007-001159", "trust": 0.8 }, { "db": "FEDORA", "id": "FEDORA-2007-2196", "trust": 0.6 }, { "db": "MANDRIVA", "id": "MDKSA-2007:182", "trust": 0.6 }, { "db": "UBUNTU", "id": "USN-512-1", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-1382", "trust": 0.6 }, { "db": "SUNALERT", "id": "236141", "trust": 0.6 }, { "db": "TRUSTIX", "id": "2007-0028", "trust": 0.6 }, { "db": "MLIST", "id": "[DEBIAN-SECURITY-ANNOUNCE] 20071003 [SECURITY] [DSA 1379-1] NEW QUAGGA PACKAGES FIX DENIAL OF SERVICE", "trust": 0.6 }, { 
"db": "CNNVD", "id": "CNNVD-200709-152", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "59307", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59758", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59371", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59341", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "65543", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59220", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59440", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "25634" }, { "db": "JVNDB", "id": "JVNDB-2007-001159" }, { "db": "PACKETSTORM", "id": "59307" }, { "db": "PACKETSTORM", "id": "59758" }, { "db": "PACKETSTORM", "id": "59371" }, { "db": "PACKETSTORM", "id": "59341" }, { "db": "PACKETSTORM", "id": "65543" }, { "db": "PACKETSTORM", "id": "59220" }, { "db": "PACKETSTORM", "id": "59440" }, { "db": "CNNVD", "id": "CNNVD-200709-152" }, { "db": "NVD", "id": "CVE-2007-4826" } ] }, "id": "VAR-200709-0225", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-04T07:17:23.402000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "quagga-0.98.6-5.2.0.1.AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1286" }, { "title": "2145", "trust": 0.8, "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2145" }, { "title": "Index of /releases/quagga", "trust": 0.8, "url": "http://download.savannah.gnu.org/releases/quagga/" }, { "title": "RHSA-2010:0785", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2010-0785.html" }, { "title": "Multiple Denial 
of Service vulnerabilities in Quagga", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities4" }, { "title": "236141", "trust": 0.8, "url": "http://download.oracle.com/sunalerts/1019153.1.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001159" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-4826" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/26744" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/25634" }, { "trust": 2.0, "url": "http://www.quagga.net/download/quagga-0.99.9.changelog.txt" }, { "trust": 1.7, "url": "http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-512-1" }, { "trust": 1.6, "url": "http://quagga.net/news2.php?y=2007\u0026m=9\u0026d=7#id1189190760" }, { "trust": 1.6, "url": "http://www.trustix.org/errata/2007/0028/" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:182" }, { "trust": 1.6, "url": "http://www.debian.org/security/2007/dsa-1382" }, { "trust": 1.6, "url": "http://secunia.com/advisories/27049" }, { "trust": 1.6, "url": "http://secunia.com/advisories/26863" }, { "trust": 1.6, "url": "http://secunia.com/advisories/26829" }, { "trust": 1.6, "url": "http://fedoranews.org/updates/fedora-2007-219.shtml" }, { "trust": 1.6, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "trust": 1.6, "url": 
"http://secunia.com/advisories/29743" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/3129" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/36551" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2010-0785.html" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2007/3129" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36551" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4826" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4826" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/1195/references" }, { "trust": 0.5, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.5, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.5, "url": "http://secunia.com/advisories/26744/" }, { "trust": 0.5, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.4, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-236141-1" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-176.htm" }, { "trust": 0.3, "url": "https://psi.secunia.com/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4826" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.diff.gz" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.3_all.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.diff.gz" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_i386.deb" }, { "trust": 0.2, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_amd64.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_powerpc.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4.orig.tar.gz" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.dsc" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3.diff.gz" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_powerpc.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_i386.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_i386.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_sparc.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_powerpc.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_amd64.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.6-2ubuntu3.2_all.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.4-4ubuntu1.2_all.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.3_amd64.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2.dsc" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2_sparc.deb" }, { "trust": 0.2, "url": 
"http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6-2ubuntu3.2.dsc" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.4-4ubuntu1.2_sparc.deb" }, { "trust": 0.2, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.6.orig.tar.gz" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_i386.deb" }, { "trust": 0.1, "url": "http://secunia.com/network_software_inspector/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_s390.deb" }, { "trust": 0.1, "url": "http://secunia.com/product/13844/" }, { "trust": 0.1, "url": "http://secunia.com/product/5307/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_alpha.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.5_all.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_i386.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_m68k.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch3_all.deb" }, { "trust": 0.1, 
"url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_hppa.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://secunia.com/advisories/27049/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mipsel.deb" }, { "trust": 0.1, "url": "http://secunia.com/product/530/" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.diff.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.dsc" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_arm.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_ia64.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mips.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mipsel.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_s390.deb" }, { "trust": 0.1, "url": 
"http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_alpha.deb" }, { "trust": 0.1, "url": "http://secunia.com/product/12470/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/26829/" }, { "trust": 0.1, "url": "http://secunia.com/product/10611/" }, { "trust": 0.1, "url": "http://secunia.com/product/14068/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/29743/" }, { "trust": 0.1, "url": "http://secunia.com/network_software_inspector_2/" }, { "trust": 0.1, "url": "http://secunia.com/product/4813/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/24808/" }, { "trust": 0.1, "url": "http://secunia.com/product/4731/" }, { "trust": 0.1, "url": "http://secunia.com/product/15552/" }, { "trust": 0.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2007-september/msg00304.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/26863/" } ], "sources": [ { "db": "BID", "id": "25634" }, { "db": "JVNDB", "id": "JVNDB-2007-001159" }, { "db": "PACKETSTORM", "id": "59307" }, { "db": "PACKETSTORM", "id": "59758" }, { "db": "PACKETSTORM", "id": "59371" }, { "db": "PACKETSTORM", "id": "59341" }, { "db": "PACKETSTORM", "id": "65543" }, { "db": "PACKETSTORM", "id": "59220" }, { "db": "PACKETSTORM", "id": "59440" }, { "db": "CNNVD", "id": "CNNVD-200709-152" }, { "db": "NVD", "id": "CVE-2007-4826" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "25634" }, { "db": "JVNDB", "id": "JVNDB-2007-001159" }, { "db": "PACKETSTORM", "id": "59307" }, { "db": "PACKETSTORM", "id": "59758" }, { "db": "PACKETSTORM", "id": "59371" }, { "db": "PACKETSTORM", "id": "59341" }, { "db": "PACKETSTORM", "id": "65543" }, { "db": "PACKETSTORM", "id": "59220" }, { "db": "PACKETSTORM", "id": "59440" }, { "db": "CNNVD", "id": 
"CNNVD-200709-152" }, { "db": "NVD", "id": "CVE-2007-4826" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-09-11T00:00:00", "db": "BID", "id": "25634" }, { "date": "2008-05-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001159" }, { "date": "2007-09-13T23:56:50", "db": "PACKETSTORM", "id": "59307" }, { "date": "2007-10-03T20:39:01", "db": "PACKETSTORM", "id": "59758" }, { "date": "2007-09-18T16:48:01", "db": "PACKETSTORM", "id": "59371" }, { "date": "2007-09-18T14:57:19", "db": "PACKETSTORM", "id": "59341" }, { "date": "2008-04-15T23:22:47", "db": "PACKETSTORM", "id": "65543" }, { "date": "2007-09-11T22:19:30", "db": "PACKETSTORM", "id": "59220" }, { "date": "2007-09-20T08:11:10", "db": "PACKETSTORM", "id": "59440" }, { "date": "2007-09-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200709-152" }, { "date": "2007-09-12T10:17:00", "db": "NVD", "id": "CVE-2007-4826" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-09-13T17:20:00", "db": "BID", "id": "25634" }, { "date": "2012-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001159" }, { "date": "2007-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-200709-152" }, { "date": "2017-07-29T01:33:00", "db": "NVD", "id": "CVE-2007-4826" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "59307" }, { "db": "PACKETSTORM", "id": "59371" }, { "db": "CNNVD", "id": "CNNVD-200709-152" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": "Quagga of bgpd Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001159" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200709-152" } ], "trust": 0.6 } }
var-201807-0268
Vulnerability from variot
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by an LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft an LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages). Attackers with the ability to transmit messages from a routing domain router may send specially crafted OSPF messages to poison routing tables within the domain. Quagga contains vulnerabilities related to insufficient validation of data reliability. Information may be obtained or altered, and service operation may be disrupted (DoS). Quagga is a routing software suite developed by US software developer Kunihiro Ishiguro. The kit implements OSPFv2, OSPFv3, and RIPv1/v2 protocols on multiple platforms, and provides functions such as route redistribution and route mapping. A denial of service vulnerability exists in Quagga. Exploiting this issue allows remote attackers to cause a denial-of-service condition.
var-201204-0159
Vulnerability from variot
Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition. Quagga is prone to multiple remote security vulnerabilities including: 1. a denial-of-service vulnerability; 2. multiple buffer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. Quagga versions prior to 0.99.20.1 are vulnerable.
Ubuntu Security Notice USN-1441-1 May 15, 2012
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash if it received specially crafted network traffic. (CVE-2012-0249, CVE-2012-0250)
It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. After a standard system update you need to restart Quagga to make all the necessary changes.
TITLE: Debian update for quagga
SECUNIA ADVISORY ID: SA48949
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48949/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48949
RELEASE DATE: 2012-04-26
DESCRIPTION: Debian has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA48388
SOLUTION: Apply updated packages via the apt-get package manager.
ORIGINAL ADVISORY: DSA-2459-1: http://lists.debian.org/debian-security-announce/2012/msg00092.html
Gentoo Linux Security Advisory GLSA 201310-08
http://security.gentoo.org/
Severity: Normal
Title: Quagga: Multiple vulnerabilities
Date: October 10, 2013
Bugs: #408507, #475706
ID: 201310-08
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could lead to arbitrary code execution. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.22.4"
References
[ 1 ] CVE-2012-0249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249
[ 2 ] CVE-2012-0250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250
[ 3 ] CVE-2012-0255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255
[ 4 ] CVE-2012-1820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820
[ 5 ] CVE-2013-2236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-08.xml
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce.
This security update upgrades the quagga package to the most recent upstream release. This release includes other corrections, such as hardening against unknown BGP path attributes.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.20.1-0+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.20.1-1.
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0255.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g\nP4VSjxs4xRnVCtT/IOkBkKQ=\n=VtuC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \n\nThis security update upgrades the quagga package to the most recent\nupstream release. This release includes other corrections, such as\nhardening against unknown BGP path attributes. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.99.20.1-0+squeeze1. 
\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 0.99.20.1-1", "sources": [ { "db": "NVD", "id": "CVE-2012-0249" }, { "db": "CERT/CC", "id": "VU#551715" }, { "db": "JVNDB", "id": "JVNDB-2012-002004" }, { "db": "BID", "id": "52531" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#551715", "trust": 3.2 }, { "db": "NVD", "id": "CVE-2012-0249", "trust": 3.2 }, { "db": "SECUNIA", "id": "48949", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-002004", "trust": 0.8 }, { "db": "NSFOCUS", "id": "20680", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20685", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201204-066", "trust": 0.6 }, { "db": "BID", "id": "52531", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "112732", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112206", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123565", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116469", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112209", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002004" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" }, { "db": "NVD", "id": "CVE-2012-0249" }, { "db": 
"CNNVD", "id": "CNNVD-201204-066" } ] }, "id": "VAR-201204-0159", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.25897437 }, "last_update_date": "2023-12-18T11:43:21.232000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FEDORA-2012-5436", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078926.html" }, { "title": "FEDORA-2012-5411", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078910.html" }, { "title": "FEDORA-2012-5352", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078794.html" }, { "title": "Bug 705", "trust": 0.8, "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" }, { "title": "Quagga Routing Suite", "trust": 0.8, "url": "http://www.nongnu.org/quagga/" }, { "title": "RHSA-2012:1258", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "title": "RHSA-2012:1259", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "title": "Multiple Vulnerabilities in Quagga", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_quagga" }, { "title": "\u507d\u88c5\u3055\u308c\u305fOSPFv2\u30d1\u30b1\u30c3\u30c8\u306b\u5bfe\u3059\u308b\u53d7\u4fe1\u51e6\u7406\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01221.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002004" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002004" }, { "db": "NVD", "id": "CVE-2012-0249" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" }, { "trust": 2.4, "url": "http://www.kb.cert.org/vuls/id/551715" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "trust": 1.1, "url": "http://www.nongnu.org/quagga/" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078794.html" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078910.html" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078926.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48949" }, { "trust": 1.0, "url": "http://www.debian.org/security/2012/dsa-2459" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0249" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu551715/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0249" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20685" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20680" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0255" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb76173" }, { "trust": 0.3, 
"url": "http://savannah.nongnu.org/forum/forum.php?forum_id=7151" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { "trust": 0.2, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1820" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.11.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.11.10.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1441-1" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.12.04.2" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48949" }, { "trust": 0.1, "url": "http://lists.debian.org/debian-security-announce/2012/msg00092.html" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48949/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48949/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1674.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1820" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201310-08.xml" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2236" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2236" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0249" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0250" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0255" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0255.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1820.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002004" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" }, { "db": "NVD", "id": "CVE-2012-0249" }, { "db": "CNNVD", "id": "CNNVD-201204-066" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002004" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" }, { "db": "NVD", "id": "CVE-2012-0249" }, { "db": "CNNVD", "id": "CNNVD-201204-066" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-03-23T00:00:00", "db": "CERT/CC", "id": "VU#551715" }, { "date": "2012-03-16T00:00:00", "db": "BID", "id": "52531" }, { "date": "2012-04-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002004" }, { "date": "2012-05-15T21:57:44", "db": "PACKETSTORM", "id": "112732" }, { "date": "2012-04-26T01:55:38", "db": "PACKETSTORM", "id": "112206" }, { "date": "2012-09-12T23:06:05", "db": "PACKETSTORM", "id": 
"116468" }, { "date": "2013-10-10T12:14:00", "db": "PACKETSTORM", "id": "123565" }, { "date": "2012-09-12T23:06:22", "db": "PACKETSTORM", "id": "116469" }, { "date": "2012-04-26T21:55:46", "db": "PACKETSTORM", "id": "112209" }, { "date": "2012-04-05T13:25:30.553000", "db": "NVD", "id": "CVE-2012-0249" }, { "date": "2010-04-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-066" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-03-28T00:00:00", "db": "CERT/CC", "id": "VU#551715" }, { "date": "2015-04-13T21:16:00", "db": "BID", "id": "52531" }, { "date": "2012-11-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002004" }, { "date": "2018-01-18T02:29:02.707000", "db": "NVD", "id": "CVE-2012-0249" }, { "date": "2012-04-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-066" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-066" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#551715" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-066" } ], "trust": 0.6 } }
var-201802-1051
Vulnerability from variot
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution. Quagga bgpd contains several vulnerabilities:
* Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543)
* Double free (CWE-415) - CVE-2018-5379 (Quagga-2018-1114)
* Out-of-bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550)
* Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975)
For details, refer to the information provided by the developer. The expected impact depends on each vulnerability, but a remote third party could achieve remote code execution, information leakage, or interruption of service (DoS).
Quagga is prone to multiple denial of service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users.
A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface).
https://www.quagga.net/security/Quagga-2018-1975.txt
For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5.
For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2.
We recommend that you upgrade your quagga packages.
For the detailed security status of quagga please refer to its security tracker page at: https://security-tracker.debian.org/tracker/quagga
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Gentoo Linux Security Advisory GLSA 201804-17
https://security.gentoo.org/
Severity: High
Title: Quagga: Multiple vulnerabilities
Date: April 22, 2018
Bugs: #647788
ID: 201804-17
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-1.2.4"
References
[ 1 ] CVE-2018-5378 https://nvd.nist.gov/vuln/detail/CVE-2018-5378
[ 2 ] CVE-2018-5379 https://nvd.nist.gov/vuln/detail/CVE-2018-5379
[ 3 ] CVE-2018-5380 https://nvd.nist.gov/vuln/detail/CVE-2018-5380
[ 4 ] CVE-2018-5381 https://nvd.nist.gov/vuln/detail/CVE-2018-5381
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201804-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Ubuntu Security Notice USN-3573-1
February 16, 2018
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Quagga.
Software Description:
- quagga: BGP/OSPF/RIP routing daemon
Details:
It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-5378)
It was discovered that a table overrun vulnerability existed in the Quagga BGP daemon. An attacker in control of a configured peer could use this to possibly expose sensitive information or possibly cause a denial of service. (CVE-2018-5381)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10:
  quagga 1.1.1-3ubuntu0.2
  quagga-bgpd 1.1.1-3ubuntu0.2
Ubuntu 16.04 LTS:
  quagga 0.99.24.1-2ubuntu1.4
Ubuntu 14.04 LTS:
  quagga 0.99.22.4-3ubuntu1.5
After a standard system update you need to restart Quagga to make all the necessary changes.
References:
  https://www.ubuntu.com/usn/usn-3573-1
  CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381
Package Information:
  https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2
  https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4
  https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201802-1051", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "9.0" }, { "model": "ruggedcom rox ii", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version":
"2.13.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "17.10" }, { "model": "quagga", "scope": "lte", "trust": 1.0, "vendor": "quagga", "version": "1.2.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": "quagga", "scope": "lt", "trust": 0.8, "vendor": "quagga", "version": "1.2.3 earlier" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "17.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "ruggedcom rox ii", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.9" }, { "model": "ruggedcom rox ii", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.12" }, { "model": "ruggedcom rox ii", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.11" }, { "model": "ruggedcom rox ii", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "1.2.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": 
"quagga", "version": "1.2.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "1.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "1.1.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "1.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.24" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.22" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.21" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.17" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.16" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.15" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.14" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.13" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.12" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.11" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.10" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.9" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.8" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.7" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": 
"quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.22.3" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.22.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.22.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.20" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.19" }, { "model": "quagga", "scope": "eq", "trust": 0.3, 
"vendor": "quagga", "version": "0.99.18" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.95" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.93" }, { "model": "ruggedcom rox ii", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.13" }, { "model": "quagga", "scope": "ne", "trust": 0.3, "vendor": "quagga", "version": "1.2.3" } ], "sources": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "BID", "id": "107837" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "NVD", "id": "CVE-2018-5381" }, { "db": "CNNVD", "id": "CNNVD-201802-827" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { 
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-5381" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to NCCIC.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201802-827" } ], "trust": 0.6 }, "cve": "CVE-2018-5381", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", 
"baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "JPCERT/CC", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2018-001492", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2018-5381", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cret@cert.org", "availabilityImpact": "HIGH", "baseScore": 
6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "JPCERT/CC", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2018-001492", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-5381", "trust": 1.0, "value": "HIGH" }, { "author": "cret@cert.org", "id": "CVE-2018-5381", "trust": 1.0, "value": "MEDIUM" }, { "author": "JPCERT/CC", "id": "JVNDB-2018-001492", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201802-827", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-5381", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-5381" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "NVD", "id": "CVE-2018-5381" }, { "db": "NVD", "id": "CVE-2018-5381" }, { "db": "CNNVD", "id": "CNNVD-201802-827" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of \"Capabilities\" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. 
The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution. Quagga bgpd contains several vulnerabilities: * Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543) * Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114) * Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550) * Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975) For details, refer to the information provided by the developer (https://savannah.nongnu.org/forum/forum.php?forum_id=9095). The expected impact depends on each vulnerability, but a remote third party could achieve remote code execution, information leakage, or service interruption (DoS). Quagga is prone to multiple denial of service vulnerabilities. \nAttackers can exploit these issues to crash the affected application, denying service to legitimate users. \n A configured peer can take advantage of this flaw to cause a denial\n of service (bgpd daemon not responding to any other events; BGP\n sessions will drop and not be reestablished; unresponsive CLI\n interface). \n\n https://www.quagga.net/security/Quagga-2018-1975.txt\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 0.99.23.1-1+deb8u5. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.1-3+deb9u2. \n\nWe recommend that you upgrade your quagga packages. 
\n\nFor the detailed security status of quagga please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/quagga\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201804-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Quagga: Multiple vulnerabilities\n Date: April 22, 2018\n Bugs: #647788\n ID: 201804-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Quagga, the worst of which\ncould allow remote attackers to execute arbitrary code. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-1.2.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-5378\n https://nvd.nist.gov/vuln/detail/CVE-2018-5378\n[ 2 ] CVE-2018-5379\n https://nvd.nist.gov/vuln/detail/CVE-2018-5379\n[ 3 ] CVE-2018-5380\n https://nvd.nist.gov/vuln/detail/CVE-2018-5380\n[ 4 ] CVE-2018-5381\n https://nvd.nist.gov/vuln/detail/CVE-2018-5381\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201804-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3573-1\nFebruary 16, 2018\n\nquagga vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Quagga. \n\nSoftware Description:\n- quagga: BGP/OSPF/RIP routing daemon\n\nDetails:\n\nIt was discovered that a double-free vulnerability existed in the\nQuagga BGP daemon when processing certain forms of UPDATE message. \nA remote attacker could use this to cause a denial of service or\npossibly execute arbitrary code. (CVE-2018-5379)\n\nIt was discovered that the Quagga BGP daemon did not properly bounds\ncheck the data sent with a NOTIFY to a peer. An attacker could use this\nto expose sensitive information or possibly cause a denial of service. \nThis issue only affected Ubuntu 17.10. (CVE-2018-5378)\n\nIt was discovered that a table overrun vulnerability existed in the\nQuagga BGP daemon. An attacker in control of a configured peer could\nuse this to possibly expose sensitive information or possibly cause\na denial of service. (CVE-2018-5381)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n quagga 1.1.1-3ubuntu0.2\n quagga-bgpd 1.1.1-3ubuntu0.2\n\nUbuntu 16.04 LTS:\n quagga 0.99.24.1-2ubuntu1.4\n\nUbuntu 14.04 LTS:\n quagga 0.99.22.4-3ubuntu1.5\n\nAfter a standard system update you need to restart Quagga to make\nall the necessary changes. 
\n\nReferences:\n https://www.ubuntu.com/usn/usn-3573-1\n CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2\n https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4\n https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5\n\n", "sources": [ { "db": "NVD", "id": "CVE-2018-5381" }, { "db": "CERT/CC", "id": "VU#940439" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "BID", "id": "107837" }, { "db": "VULMON", "id": "CVE-2018-5381" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#940439", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2018-5381", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-19-099-05", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-451142", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU95518305", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-001492", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1207", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201802-827", "trust": 0.6 }, { "db": "BID", "id": "107837", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2018-5381", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146416", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147305", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146410", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "VULMON", "id": "CVE-2018-5381" }, { "db": "BID", "id": "107837" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "NVD", "id": 
"CVE-2018-5381" }, { "db": "CNNVD", "id": "CNNVD-201802-827" } ] }, "id": "VAR-201802-1051", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.52540106 }, "last_update_date": "2023-12-18T12:29:10.809000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "AXSA:2018-2582:01", "trust": 0.8, "url": "https://tsn.miraclelinux.com/ja/node/9025" }, { "title": "Quagga 1.2.3 Release, with significant BGP security fixes", "trust": 0.8, "url": "https://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "title": "\u4e0d\u6b63\u306a\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u53d7\u4fe1\u306b\u3088\u308aBGP\u6a5f\u80fd\u304c\u505c\u6b62\u3059\u308b\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01864.html" }, { "title": "Quagga BGP daemon Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90580" }, { "title": "Ubuntu Security Notice: quagga vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3573-1" }, { "title": "Red Hat: CVE-2018-5381", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-5381" }, { "title": "Debian Security Advisories: DSA-4115-1 quagga -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=60039c87d27a61271ac8cea042fa360d" }, { "title": "Amazon Linux AMI: ALAS-2018-957", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-957" }, { "title": "Siemens Security 
Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=743274c8dcbded6c8c6a2fcbd1f712aa" }, { "title": "Debian CVElist Bug Report Logs: quagga: CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4da9cc5babf3128084a3957af98f57a1" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-5381" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "CNNVD", "id": "CNNVD-201802-827" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-835", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.8 }, { "problemtype": "CWE-125", "trust": 0.8 }, { "problemtype": "CWE-415", "trust": 0.8 }, { "problemtype": "CWE-228", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "NVD", "id": "CVE-2018-5381" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "trust": 2.8, "url": "https://www.debian.org/security/2018/dsa-4115" }, { "trust": 2.6, "url": "http://www.kb.cert.org/vuls/id/940439" }, { "trust": 2.1, "url": "https://usn.ubuntu.com/3573-1/" }, { "trust": 2.0, "url": "https://gogs.quagga.net/quagga/quagga/src/master/doc/security/quagga-2018-1975.txt" }, { 
"trust": 2.0, "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201804-17" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5378" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5379" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5380" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5381" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-05" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/228.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/415.html" }, { "trust": 0.8, "url": "http://lists.suse.com/pipermail/sle-security-updates/2018-february/003735.html" }, { "trust": 0.8, "url": "https://usn.ubuntu.com/usn/usn-3573-1/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5381" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5378" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5379" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5380" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-05" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95518305/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78746" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "https://www.kb.cert.org/vuls/id/940439/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-5380" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-5381" }, { "trust": 0.3, "url": 
"https://gogs.quagga.net/quagga/quagga/src/master/doc/security/quagga-2018-1550.txt" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/835.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-0543.txt" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-1975.txt" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-1550.txt" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-1114.txt" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/quagga" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3573-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4" } ], "sources": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "VULMON", "id": "CVE-2018-5381" }, { "db": "BID", "id": "107837" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "NVD", "id": "CVE-2018-5381" }, { "db": "CNNVD", "id": "CNNVD-201802-827" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "VULMON", "id": "CVE-2018-5381" }, { "db": "BID", "id": "107837" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": 
"PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "NVD", "id": "CVE-2018-5381" }, { "db": "CNNVD", "id": "CNNVD-201802-827" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-15T00:00:00", "db": "CERT/CC", "id": "VU#940439" }, { "date": "2018-02-19T00:00:00", "db": "VULMON", "id": "CVE-2018-5381" }, { "date": "2018-02-19T00:00:00", "db": "BID", "id": "107837" }, { "date": "2018-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "date": "2018-02-16T14:36:28", "db": "PACKETSTORM", "id": "146416" }, { "date": "2018-04-23T20:02:00", "db": "PACKETSTORM", "id": "147305" }, { "date": "2018-02-15T23:25:00", "db": "PACKETSTORM", "id": "146410" }, { "date": "2018-02-19T13:29:00.583000", "db": "NVD", "id": "CVE-2018-5381" }, { "date": "2018-02-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-827" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-19T00:00:00", "db": "CERT/CC", "id": "VU#940439" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2018-5381" }, { "date": "2018-02-19T00:00:00", "db": "BID", "id": "107837" }, { "date": "2019-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "date": "2019-10-09T23:41:15.877000", "db": "NVD", "id": "CVE-2018-5381" }, { "date": "2019-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-827" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "CNNVD", "id": "CNNVD-201802-827" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga bgpd is affected by multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#940439" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201802-827" } ], "trust": 0.6 } }
var-201702-0007
Vulnerability from variot
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. Quagga is a routing software suite. The kit implements OSPFv2, OSPFv3, and RIPv1/v2 protocols on multiple platforms, and provides functions such as route redistribution and route mapping. Quagga has a buffer overflow vulnerability that could allow an attacker to execute arbitrary code in the context of a user running an affected application. A failed attempt will result in a denial of service condition. Quagga is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause denial-of-service conditions.
Gentoo Linux Security Advisory GLSA 201701-48
https://security.gentoo.org/
Severity: Normal
Title: Quagga: Multiple vulnerabilities
Date: January 21, 2017
Bugs: #581526, #597410
ID: 201701-48
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 1.1.0-r2 >= 1.1.0-r2
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-1.1.0-r2"
References
[ 1 ] CVE-2016-1245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1245
[ 2 ] CVE-2016-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4049
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-48
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Ubuntu Security Notice USN-3110-1
October 25, 2016
quagga vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Quagga could be made to crash if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: quagga 1.0.20160315-2ubuntu0.1
Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.2
Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.3
Ubuntu 12.04 LTS: quagga 0.99.20.1-0ubuntu0.12.04.6
After a standard system update you need to restart Quagga to make all the necessary changes.
For the stable distribution (jessie), this problem has been fixed in version 0.99.23.1-1+deb8u3.
We recommend that you upgrade your quagga packages.
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: quagga security and bug fix update
Advisory ID: RHSA-2017:0794-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0794.html
Issue date: 2017-03-21
CVE Names: CVE-2013-2236 CVE-2016-1245 CVE-2016-2342 CVE-2016-4049 CVE-2017-5495
=====================================================================
- Summary:
An update for quagga is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
-
Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)
- A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)
- A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the bgpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
674862 - Add missing man pages in quagga package
770731 - Interface prefix advertisement declaration prevents ospf6d from starting
839620 - /etc/sysconfig/quagga defines QCONFDIR, init scripts do not use it
842308 - quagga daemon pidfiles remain after daemons are stopped
862826 - Correct spec to add watchquagga
981124 - CVE-2013-2236 Quagga: OSPFD Potential remote code exec (stack based buffer overflow)
1316571 - CVE-2016-2342 quagga: VPNv4 NLRI parser memcpys to stack on unchecked length
1331372 - CVE-2016-4049 quagga: denial of service vulnerability in BGP routing daemon
1386109 - CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handling
1416013 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: quagga-0.99.15-14.el6.src.rpm
i386: quagga-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm
ppc64: quagga-0.99.15-14.el6.ppc64.rpm quagga-debuginfo-0.99.15-14.el6.ppc64.rpm
s390x: quagga-0.99.15-14.el6.s390x.rpm quagga-debuginfo-0.99.15-14.el6.s390x.rpm
x86_64: quagga-0.99.15-14.el6.x86_64.rpm quagga-debuginfo-0.99.15-14.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: quagga-contrib-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm quagga-devel-0.99.15-14.el6.i686.rpm
ppc64: quagga-contrib-0.99.15-14.el6.ppc64.rpm quagga-debuginfo-0.99.15-14.el6.ppc.rpm quagga-debuginfo-0.99.15-14.el6.ppc64.rpm quagga-devel-0.99.15-14.el6.ppc.rpm quagga-devel-0.99.15-14.el6.ppc64.rpm
s390x: quagga-contrib-0.99.15-14.el6.s390x.rpm quagga-debuginfo-0.99.15-14.el6.s390.rpm quagga-debuginfo-0.99.15-14.el6.s390x.rpm quagga-devel-0.99.15-14.el6.s390.rpm quagga-devel-0.99.15-14.el6.s390x.rpm
x86_64: quagga-contrib-0.99.15-14.el6.x86_64.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.x86_64.rpm quagga-devel-0.99.15-14.el6.i686.rpm quagga-devel-0.99.15-14.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: quagga-0.99.15-14.el6.src.rpm
i386: quagga-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm
x86_64: quagga-0.99.15-14.el6.x86_64.rpm quagga-debuginfo-0.99.15-14.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: quagga-contrib-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm quagga-devel-0.99.15-14.el6.i686.rpm
x86_64: quagga-contrib-0.99.15-14.el6.x86_64.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.x86_64.rpm quagga-devel-0.99.15-14.el6.i686.rpm quagga-devel-0.99.15-14.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2013-2236
https://access.redhat.com/security/cve/CVE-2016-1245
https://access.redhat.com/security/cve/CVE-2016-2342
https://access.redhat.com/security/cve/CVE-2016-4049
https://access.redhat.com/security/cve/CVE-2017-5495
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.
}, { "db": "NVD", "id": "CVE-2016-1245" }, { "db": "CNNVD", "id": "CNNVD-201610-680" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-10247" }, { "db": "VULMON", "id": "CVE-2016-1245" }, { "db": "BID", "id": "93775" }, { "db": "JVNDB", "id": "JVNDB-2016-007819" }, { "db": "PACKETSTORM", "id": "140655" }, { "db": "PACKETSTORM", "id": "139326" }, { "db": "PACKETSTORM", "id": "139206" }, { "db": "PACKETSTORM", "id": "141746" }, { "db": "NVD", "id": "CVE-2016-1245" }, { "db": "CNNVD", "id": "CNNVD-201610-680" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2016-10247" }, { "date": "2017-02-22T00:00:00", "db": "VULMON", "id": "CVE-2016-1245" }, { "date": "2016-10-18T00:00:00", "db": "BID", "id": "93775" }, { "date": "2017-03-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007819" }, { "date": "2017-01-21T15:17:02", "db": "PACKETSTORM", "id": "140655" }, { "date": "2016-10-25T14:25:17", "db": "PACKETSTORM", "id": "139326" }, { "date": "2016-10-19T00:50:19", "db": "PACKETSTORM", "id": "139206" }, { "date": "2017-03-21T14:49:53", "db": "PACKETSTORM", "id": "141746" }, { "date": "2017-02-22T23:59:00.143000", "db": "NVD", "id": "CVE-2016-1245" }, { "date": "2016-10-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-680" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2016-10247" }, { "date": "2018-01-05T00:00:00", "db": "VULMON", "id": "CVE-2016-1245" }, { "date": "2018-05-01T08:00:00", "db": "BID", "id": "93775" }, { "date": "2017-03-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007819" }, { "date": "2018-01-05T02:30:33.727000", 
"db": "NVD", "id": "CVE-2016-1245" }, { "date": "2017-02-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-680" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "140655" }, { "db": "PACKETSTORM", "id": "139326" }, { "db": "PACKETSTORM", "id": "141746" }, { "db": "CNNVD", "id": "CNNVD-201610-680" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga Buffer Overflow Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2016-10247" }, { "db": "CNNVD", "id": "CNNVD-201610-680" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201610-680" } ], "trust": 0.6 } }
var-201802-1050
Vulnerability from variot
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. Quagga bgpd contains several vulnerabilities:
* Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543)
* Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114)
* Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550)
* Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975)
For details, please refer to the information provided by the developer. The expected impact depends on each vulnerability, but a remote third party could achieve remote code execution, information leakage, or service interruption (DoS). Quagga is prone to multiple denial of service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface).
https://www.quagga.net/security/Quagga-2018-1975.txt
For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5.
For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2.
We recommend that you upgrade your quagga packages.
For the detailed security status of quagga please refer to its security tracker page at: https://security-tracker.debian.org/tracker/quagga
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201804-17
https://security.gentoo.org/
Severity: High
Title: Quagga: Multiple vulnerabilities
Date: April 22, 2018
Bugs: #647788
ID: 201804-17
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/quagga-1.2.4"
References
[ 1 ] CVE-2018-5378 https://nvd.nist.gov/vuln/detail/CVE-2018-5378
[ 2 ] CVE-2018-5379 https://nvd.nist.gov/vuln/detail/CVE-2018-5379
[ 3 ] CVE-2018-5380 https://nvd.nist.gov/vuln/detail/CVE-2018-5380
[ 4 ] CVE-2018-5381 https://nvd.nist.gov/vuln/detail/CVE-2018-5381
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201804-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
==========================================================================
Ubuntu Security Notice USN-3573-1
February 16, 2018
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Quagga.
Software Description:
- quagga: BGP/OSPF/RIP routing daemon
Details:
It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. An attacker in control of a configured peer could use this to possibly expose sensitive information or possibly cause a denial of service. (CVE-2018-5380)
It was discovered that the Quagga BGP daemon in some configurations did not properly handle invalid OPEN messages. An attacker in control of a configured peer could use this to cause a denial of service (infinite loop). (CVE-2018-5381)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10:
  quagga 1.1.1-3ubuntu0.2
  quagga-bgpd 1.1.1-3ubuntu0.2
Ubuntu 16.04 LTS:
  quagga 0.99.24.1-2ubuntu1.4
Ubuntu 14.04 LTS:
  quagga 0.99.22.4-3ubuntu1.5
After a standard system update you need to restart Quagga to make all the necessary changes.
References:
  https://www.ubuntu.com/usn/usn-3573-1
  CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381
Package Information:
  https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2
  https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4
  https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201802-1050", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "9.0" }, { "model": "ruggedcom rox ii", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": 
"2.13.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "17.10" }, { "model": "quagga", "scope": "lte", "trust": 1.0, "vendor": "quagga", "version": "1.2.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": "quagga", "scope": "lt", "trust": 0.8, "vendor": "quagga", "version": "1.2.3 earlier" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "17.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "ruggedcom rox ii", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.9" }, { "model": "ruggedcom rox ii", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.12" }, { "model": "ruggedcom rox ii", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.11" }, { "model": "ruggedcom rox ii", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "1.2.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": 
"quagga", "version": "1.2.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "1.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "1.1.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "1.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.24" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.22" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.21" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.17" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.16" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.15" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.14" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.13" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.12" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.11" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.10" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.9" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.8" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.7" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": 
"quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.22.3" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.22.2" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.22.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.20" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.19" }, { "model": "quagga", "scope": "eq", "trust": 0.3, 
"vendor": "quagga", "version": "0.99.18" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.95" }, { "model": "quagga", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.93" }, { "model": "ruggedcom rox ii", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.13" }, { "model": "quagga", "scope": "ne", "trust": 0.3, "vendor": "quagga", "version": "1.2.3" } ], "sources": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "BID", "id": "107837" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "NVD", "id": "CVE-2018-5380" }, { "db": "CNNVD", "id": "CNNVD-201802-828" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.13.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-5380" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to NCCIC.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201802-828" } ], "trust": 0.6 }, "cve": "CVE-2018-5380", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": 
"PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "JPCERT/CC", "availabilityImpact": "Complete", "baseScore": 9.3, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2018-001492", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2018-5380", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "JPCERT/CC", "availabilityImpact": "High", 
"baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2018-001492", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-5380", "trust": 1.0, "value": "MEDIUM" }, { "author": "cret@cert.org", "id": "CVE-2018-5380", "trust": 1.0, "value": "MEDIUM" }, { "author": "JPCERT/CC", "id": "JVNDB-2018-001492", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201802-828", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-5380", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-5380" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "NVD", "id": "CVE-2018-5380" }, { "db": "NVD", "id": "CVE-2018-5380" }, { "db": "CNNVD", "id": "CNNVD-201802-828" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. 
Quagga bgpd Contains several vulnerabilities: * Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543) * Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114) * Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550) * Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975) Detail is \u003ca href=\"https://savannah.nongnu.org/forum/forum.php?forum_id=9095\"target=\"blank\"\u003e Information provided by the developer \u003c/a\u003e Please refer to.The expected impact depends on each vulnerability, but remote code execution, information leakage, service operation interruption by a remote third party (DoS) An attack could be made. Quagga is prone to multiple denial of service vulnerabilities. \nAttackers can exploit these issues to crash the affected application, denying service to legitimate users. \n A configured peer can take advantage of this flaw to cause a denial\n of service (bgpd daemon not responding to any other events; BGP\n sessions will drop and not be reestablished; unresponsive CLI\n interface). \n\n https://www.quagga.net/security/Quagga-2018-1975.txt\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 0.99.23.1-1+deb8u5. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.1-3+deb9u2. \n\nWe recommend that you upgrade your quagga packages. 
\n\nFor the detailed security status of quagga please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/quagga\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqGBaVfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RpyRAAhVpntFw+LSUUzL2/cx7m+s4fHijhOkU/AjKKmW4a9rAi0iJYW4HNv5BU\ncKfz6yhngFUzCa+Glhmiwzt77eAoeksJSvxkKio5CTqjV3OxCWbDPPz/iRRHcKvK\nMGhnqyShMCF8boQU0plmqNbfhnSWNAObbaI2fPmjLOU4A4jPY1T/fbzu4Sd3k5qY\nETeHq9+HlVdGnyNEoYnoO0XQH56ueNHy3VlChJ0S2OPtFtoKXkjM/er+yG6413+G\n3e90tcbm2xlitmrTyZm9K/Q08UWLJx510n1rxehaO1DTEz+bqSNezySOhyNb8sTA\nfuadDpgs2ozwgSmxyuWFj0RL3fKvgycw1ZeNiS5nUmRJTobrPlnjyX+A8FEJhPuI\n9xyVa8j6wUeBVZdgd9b/EWLQ1Z9oDRiXmHRJeVOtz4JRNPP1KLtBcsPxFW9eCp83\n9gFMqk/vMYQSpRqtQdnl5OawEpeurMtusBsnlEV5y9afiHU9jKB8N7RPwxCJgtjP\n/jmhS4lOvn3F5lNILahaL3lrk/b0EsECajBltbN9YVU0yabWWRWSMrJ3ujamhaXE\naUQKmVj1alwDyg90vToiUftdr3R0hPPFuzA0BAK55SJVzjwJ2XInzItr+2y1tMPn\ndSpd32tzrxpDm86rvmRIiAJbj28n7QnX9I9BlKZqWq2fUUhTkNg=\n=Gy8j\n-----END PGP SIGNATURE-----\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201804-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Quagga: Multiple vulnerabilities\n Date: April 22, 2018\n Bugs: #647788\n ID: 201804-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Quagga, the worst of which\ncould allow remote attackers to execute arbitrary code. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-1.2.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-5378\n https://nvd.nist.gov/vuln/detail/CVE-2018-5378\n[ 2 ] CVE-2018-5379\n https://nvd.nist.gov/vuln/detail/CVE-2018-5379\n[ 3 ] CVE-2018-5380\n https://nvd.nist.gov/vuln/detail/CVE-2018-5380\n[ 4 ] CVE-2018-5381\n https://nvd.nist.gov/vuln/detail/CVE-2018-5381\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201804-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3573-1\nFebruary 16, 2018\n\nquagga vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Quagga. \n\nSoftware Description:\n- quagga: BGP/OSPF/RIP routing daemon\n\nDetails:\n\nIt was discovered that a double-free vulnerability existed in the\nQuagga BGP daemon when processing certain forms of UPDATE message. \nA remote attacker could use this to cause a denial of service or\npossibly execute arbitrary code. (CVE-2018-5379)\n\nIt was discovered that the Quagga BGP daemon did not properly bounds\ncheck the data sent with a NOTIFY to a peer. An attacker could use this\nto expose sensitive information or possibly cause a denial of service. \nThis issue only affected Ubuntu 17.10. An attacker in control of a configured peer could\nuse this to possibly expose sensitive information or possibly cause\na denial of service. (CVE-2018-5380)\n\nIt was discovered that the Quagga BGP daemon in some configurations\ndid not properly handle invalid OPEN messages. An attacker in control\nof a configured peer could use this to cause a denial of service\n(infinite loop). (CVE-2018-5381)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n quagga 1.1.1-3ubuntu0.2\n quagga-bgpd 1.1.1-3ubuntu0.2\n\nUbuntu 16.04 LTS:\n quagga 0.99.24.1-2ubuntu1.4\n\nUbuntu 14.04 LTS:\n quagga 0.99.22.4-3ubuntu1.5\n\nAfter a standard system update you need to restart Quagga to make\nall the necessary changes. 
\n\nReferences:\n https://www.ubuntu.com/usn/usn-3573-1\n CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2\n https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4\n https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5\n\n", "sources": [ { "db": "NVD", "id": "CVE-2018-5380" }, { "db": "CERT/CC", "id": "VU#940439" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "BID", "id": "107837" }, { "db": "VULMON", "id": "CVE-2018-5380" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#940439", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2018-5380", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-19-099-05", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-451142", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU95518305", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-001492", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1207", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201802-828", "trust": 0.6 }, { "db": "BID", "id": "107837", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2018-5380", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146416", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147305", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146410", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "VULMON", "id": "CVE-2018-5380" }, { "db": "BID", "id": "107837" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "NVD", "id": 
"CVE-2018-5380" }, { "db": "CNNVD", "id": "CNNVD-201802-828" } ] }, "id": "VAR-201802-1050", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.52540106 }, "last_update_date": "2023-12-18T12:29:10.942000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "AXSA:2018-2582:01", "trust": 0.8, "url": "https://tsn.miraclelinux.com/ja/node/9025" }, { "title": "Quagga 1.2.3 Release, with significant BGP security fixes", "trust": 0.8, "url": "https://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "title": "\u4e0d\u6b63\u306a\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u53d7\u4fe1\u306b\u3088\u308aBGP\u6a5f\u80fd\u304c\u505c\u6b62\u3059\u308b\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01864.html" }, { "title": "Quagga BGP daemon Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90581" }, { "title": "Ubuntu Security Notice: quagga vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3573-1" }, { "title": "Red Hat: CVE-2018-5380", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-5380" }, { "title": "Debian Security Advisories: DSA-4115-1 quagga -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=60039c87d27a61271ac8cea042fa360d" }, { "title": "Amazon Linux AMI: ALAS-2018-957", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-957" }, { "title": "Siemens Security 
Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=743274c8dcbded6c8c6a2fcbd1f712aa" }, { "title": "Debian CVElist Bug Report Logs: quagga: CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4da9cc5babf3128084a3957af98f57a1" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-5380" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "CNNVD", "id": "CNNVD-201802-828" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.8 }, { "problemtype": "CWE-119", "trust": 0.8 }, { "problemtype": "CWE-415", "trust": 0.8 }, { "problemtype": "CWE-228", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "NVD", "id": "CVE-2018-5380" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "trust": 2.8, "url": "https://www.debian.org/security/2018/dsa-4115" }, { "trust": 2.6, "url": "http://www.kb.cert.org/vuls/id/940439" }, { "trust": 2.1, "url": "https://usn.ubuntu.com/3573-1/" }, { "trust": 2.0, "url": "https://gogs.quagga.net/quagga/quagga/src/master/doc/security/quagga-2018-1550.txt" }, { "trust": 2.0, "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201804-17" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" }, { "trust": 1.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-5378" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5379" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5380" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5381" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-05" }, { "trust": 0.9, "url": "http://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/228.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/415.html" }, { "trust": 0.8, "url": "http://lists.suse.com/pipermail/sle-security-updates/2018-february/003735.html" }, { "trust": 0.8, "url": "https://usn.ubuntu.com/usn/usn-3573-1/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5381" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5378" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5379" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5380" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-05" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95518305/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78746" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "https://www.kb.cert.org/vuls/id/940439/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-5380" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-5381" }, { "trust": 0.3, "url": "https://gogs.quagga.net/quagga/quagga/src/master/doc/security/quagga-2018-1975.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-0543.txt" }, { "trust": 0.1, "url": 
"https://www.quagga.net/security/quagga-2018-1975.txt" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-1550.txt" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-1114.txt" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/quagga" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3573-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4" } ], "sources": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "VULMON", "id": "CVE-2018-5380" }, { "db": "BID", "id": "107837" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "NVD", "id": "CVE-2018-5380" }, { "db": "CNNVD", "id": "CNNVD-201802-828" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "VULMON", "id": "CVE-2018-5380" }, { "db": "BID", "id": "107837" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "NVD", "id": "CVE-2018-5380" }, { "db": "CNNVD", "id": "CNNVD-201802-828" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2018-02-15T00:00:00", "db": "CERT/CC", "id": "VU#940439" }, { "date": "2018-02-19T00:00:00", "db": "VULMON", "id": "CVE-2018-5380" }, { "date": "2018-02-19T00:00:00", "db": "BID", "id": "107837" }, { "date": "2018-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "date": "2018-02-16T14:36:28", "db": "PACKETSTORM", "id": "146416" }, { "date": "2018-04-23T20:02:00", "db": "PACKETSTORM", "id": "147305" }, { "date": "2018-02-15T23:25:00", "db": "PACKETSTORM", "id": "146410" }, { "date": "2018-02-19T13:29:00.473000", "db": "NVD", "id": "CVE-2018-5380" }, { "date": "2018-02-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-828" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-19T00:00:00", "db": "CERT/CC", "id": "VU#940439" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2018-5380" }, { "date": "2018-02-19T00:00:00", "db": "BID", "id": "107837" }, { "date": "2019-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "date": "2019-10-09T23:41:15.627000", "db": "NVD", "id": "CVE-2018-5380" }, { "date": "2019-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-828" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "CNNVD", "id": "CNNVD-201802-828" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga bgpd is affected by multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#940439" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201802-828" } ], "trust": 0.6 } }
var-201911-0137
Vulnerability from variot
Quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs route removal. Quagga (ospf6d) contains a reachable assertion vulnerability that may result in a denial of service (DoS). Quagga is a routing software suite that implements multiple routing protocols on Unix platforms. A remote denial-of-service vulnerability exists in Quagga that affects the OSPF (Open Shortest Path First) IPv6 daemon ('ospf6d'). A remote attacker could exploit the vulnerability to cause the daemon to crash and deny further service to legitimate users. Quagga 0.99.21 is vulnerable; other versions may also be affected.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0137", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "eq", "trust": 2.7, "vendor": "quagga", "version": "0.99.21" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", 
"version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "enterprise linux", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-7900" }, { "db": "BID", "id": "56530" }, { "db": "JVNDB", "id": "JVNDB-2012-006494" }, { "db": "NVD", "id": "CVE-2012-5521" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-5521" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } 
}, "data": "Marco d\u0027Itri", "sources": [ { "db": "BID", "id": "56530" }, { "db": "CNNVD", "id": "CNNVD-201211-301" } ], "trust": 0.9 }, "cve": "CVE-2012-5521", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 3.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2012-5521", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", 
"availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2012-7900", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2012-5521", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2012-5521", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2012-7900", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201211-301", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-7900" }, { "db": "JVNDB", "id": "JVNDB-2012-006494" }, { "db": "NVD", "id": "CVE-2012-5521" }, { "db": "CNNVD", "id": "CNNVD-201211-301" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal. 
quagga (ospf6d) Contains a vulnerability with reachable assertions.Service operation interruption (DoS) There is a possibility of being put into a state. Quagga is a routing software suite that implements multiple routing protocols on Unix platforms. A remote denial of service vulnerability exists in Quagga that affects the open shortest path priority of the IPv6 daemon (\u0026lsquo;ospf6d\u0026rsquo;). A remote attacker could exploit the vulnerability to cause the daemon to crash and refuse to further serve legitimate users. There are vulnerabilities in Quagga 0.99.21 and other versions may be affected", "sources": [ { "db": "NVD", "id": "CVE-2012-5521" }, { "db": "JVNDB", "id": "JVNDB-2012-006494" }, { "db": "CNVD", "id": "CNVD-2012-7900" }, { "db": "BID", "id": "56530" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-5521", "trust": 3.3 }, { "db": "BID", "id": "56530", "trust": 2.5 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2012/11/13/14", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2012-006494", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2012-7900", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201211-301", "trust": 0.6 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2012/11/13/7", "trust": 0.3 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-7900" }, { "db": "BID", "id": "56530" }, { "db": "JVNDB", "id": "JVNDB-2012-006494" }, { "db": "NVD", "id": "CVE-2012-5521" }, { "db": "CNNVD", "id": "CNNVD-201211-301" } ] }, "id": "VAR-201911-0137", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2012-7900" } ], "trust": 0.06 }, "iot_taxonomy": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-7900" } ] }, "last_update_date": "2023-12-18T14:00:46.771000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2012-5521", "trust": 0.8, "url": "https://security-tracker.debian.org/tracker/cve-2012-5521" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.quagga.net/" }, { "title": "Bug 876197", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2012-5521" }, { "title": "CVE-2012-5521", "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2012-5521" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-006494" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-617", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-006494" }, { "db": "NVD", "id": "CVE-2012-5521" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.securityfocus.com/bid/56530" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2012/11/13/14" }, { "trust": 1.6, "url": "https://access.redhat.com/security/cve/cve-2012-5521" }, { "trust": 1.6, "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=cve-2012-5521" }, { "trust": 1.6, "url": "https://bugzilla.suse.com/show_bug.cgi?id=cve-2012-5521" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80096" }, { "trust": 1.6, "url": "https://security-tracker.debian.org/tracker/cve-2012-5521" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5521" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5521" }, { "trust": 0.3, "url": "https://bugzilla.quagga.net/show_bug.cgi?id=747" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=876197" }, { "trust": 0.3, "url": "http://www.openwall.com/lists/oss-security/2012/11/13/7" }, { "trust": 0.3, "url": "http://www.quagga.net/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-7900" }, { "db": "BID", "id": "56530" }, { "db": "JVNDB", "id": "JVNDB-2012-006494" }, { "db": "NVD", "id": "CVE-2012-5521" }, { "db": "CNNVD", "id": "CNNVD-201211-301" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2012-7900" }, { "db": "BID", "id": "56530" }, { "db": "JVNDB", "id": "JVNDB-2012-006494" }, { "db": "NVD", "id": "CVE-2012-5521" }, { "db": "CNNVD", "id": "CNNVD-201211-301" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2012-7900" }, { "date": "2012-11-13T00:00:00", "db": "BID", "id": "56530" }, { "date": "2019-12-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-006494" }, { "date": "2019-11-25T14:15:11.147000", "db": "NVD", "id": "CVE-2012-5521" }, { "date": "2012-11-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201211-301" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, 
"data": [ { "date": "2012-11-16T00:00:00", "db": "CNVD", "id": "CNVD-2012-7900" }, { "date": "2012-11-13T00:00:00", "db": "BID", "id": "56530" }, { "date": "2019-12-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-006494" }, { "date": "2020-08-18T15:05:57.593000", "db": "NVD", "id": "CVE-2012-5521" }, { "date": "2019-12-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201211-301" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201211-301" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "quagga Reachable vulnerability in reachable", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-006494" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201211-301" } ], "trust": 0.6 } }
var-201802-1049
Vulnerability from variot
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. Quagga bgpd contains several vulnerabilities:
* Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543)
* Double free (CWE-415) - CVE-2018-5379 (Quagga-2018-1114)
* Out-of-bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550)
* Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975)
For details, refer to the information provided by the developer. The expected impact depends on the vulnerability, but a remote third party could achieve remote code execution, information disclosure, or service interruption (DoS). Quagga is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to Quagga 1.2.3 are vulnerable. A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface).
https://www.quagga.net/security/Quagga-2018-1975.txt
For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5.
For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2.
We recommend that you upgrade your quagga packages.
For the detailed security status of quagga please refer to its security tracker page at: https://security-tracker.debian.org/tracker/quagga
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Red Hat Security Advisory
Synopsis: Important: quagga security update
Advisory ID: RHSA-2018:0377-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0377
Issue date: 2018-02-28
CVE Names: CVE-2018-5379
- Summary:
An update for quagga is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le
- Description:
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.
Security Fix(es):
- quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code (CVE-2018-5379)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Quagga project for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the bgpd daemon must be restarted for the update to take effect.
- Package List:
Red Hat Enterprise Linux Server (v. 7):
Source: quagga-0.99.22.4-5.el7_4.src.rpm
ppc64: quagga-0.99.22.4-5.el7_4.ppc.rpm quagga-0.99.22.4-5.el7_4.ppc64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64.rpm
ppc64le: quagga-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm
s390x: quagga-0.99.22.4-5.el7_4.s390.rpm quagga-0.99.22.4-5.el7_4.s390x.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390x.rpm
x86_64: quagga-0.99.22.4-5.el7_4.i686.rpm quagga-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: quagga-0.99.22.4-5.el7_4.src.rpm
aarch64: quagga-0.99.22.4-5.el7_4.aarch64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.aarch64.rpm
ppc64le: quagga-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: quagga-contrib-0.99.22.4-5.el7_4.ppc64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64.rpm quagga-devel-0.99.22.4-5.el7_4.ppc.rpm quagga-devel-0.99.22.4-5.el7_4.ppc64.rpm
ppc64le: quagga-contrib-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm quagga-devel-0.99.22.4-5.el7_4.ppc64le.rpm
s390x: quagga-contrib-0.99.22.4-5.el7_4.s390x.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390x.rpm quagga-devel-0.99.22.4-5.el7_4.s390.rpm quagga-devel-0.99.22.4-5.el7_4.s390x.rpm
x86_64: quagga-contrib-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm quagga-devel-0.99.22.4-5.el7_4.i686.rpm quagga-devel-0.99.22.4-5.el7_4.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: quagga-contrib-0.99.22.4-5.el7_4.aarch64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.aarch64.rpm quagga-devel-0.99.22.4-5.el7_4.aarch64.rpm
ppc64le: quagga-contrib-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm quagga-devel-0.99.22.4-5.el7_4.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: quagga-0.99.22.4-5.el7_4.src.rpm
x86_64: quagga-0.99.22.4-5.el7_4.i686.rpm quagga-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: quagga-contrib-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm quagga-devel-0.99.22.4-5.el7_4.i686.rpm quagga-devel-0.99.22.4-5.el7_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-5379
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Gentoo Linux Security Advisory GLSA 201804-17
https://security.gentoo.org/
Severity: High
Title: Quagga: Multiple vulnerabilities
Date: April 22, 2018
Bugs: #647788
ID: 201804-17
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 1.2.4 >= 1.2.4
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-1.2.4"
References
[ 1 ] CVE-2018-5378 https://nvd.nist.gov/vuln/detail/CVE-2018-5378
[ 2 ] CVE-2018-5379 https://nvd.nist.gov/vuln/detail/CVE-2018-5379
[ 3 ] CVE-2018-5380 https://nvd.nist.gov/vuln/detail/CVE-2018-5380
[ 4 ] CVE-2018-5381 https://nvd.nist.gov/vuln/detail/CVE-2018-5381
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201804-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Ubuntu Security Notice USN-3573-1
February 16, 2018
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Quagga. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. This issue only affected Ubuntu 17.10. (CVE-2018-5378)
It was discovered that a table overrun vulnerability existed in the Quagga BGP daemon. (CVE-2018-5380)
It was discovered that the Quagga BGP daemon in some configurations did not properly handle invalid OPEN messages. (CVE-2018-5381)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: quagga 1.1.1-3ubuntu0.2 quagga-bgpd 1.1.1-3ubuntu0.2
Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.4
Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.5
After a standard system update you need to restart Quagga to make all the necessary changes.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201804-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Quagga: Multiple vulnerabilities\n Date: April 22, 2018\n Bugs: #647788\n ID: 201804-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Quagga, the worst of which\ncould allow remote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 1.2.4 \u003e= 1.2.4 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Quagga. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-1.2.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-5378\n https://nvd.nist.gov/vuln/detail/CVE-2018-5378\n[ 2 ] CVE-2018-5379\n https://nvd.nist.gov/vuln/detail/CVE-2018-5379\n[ 3 ] CVE-2018-5380\n https://nvd.nist.gov/vuln/detail/CVE-2018-5380\n[ 4 ] CVE-2018-5381\n https://nvd.nist.gov/vuln/detail/CVE-2018-5381\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201804-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. 
Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3573-1\nFebruary 16, 2018\n\nquagga vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Quagga. (CVE-2018-5379)\n\nIt was discovered that the Quagga BGP daemon did not properly bounds\ncheck the data sent with a NOTIFY to a peer. \nThis issue only affected Ubuntu 17.10. (CVE-2018-5378)\n\nIt was discovered that a table overrun vulnerability existed in the\nQuagga BGP daemon. (CVE-2018-5380)\n\nIt was discovered that the Quagga BGP daemon in some configurations\ndid not properly handle invalid OPEN messages. 
(CVE-2018-5381)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n quagga 1.1.1-3ubuntu0.2\n quagga-bgpd 1.1.1-3ubuntu0.2\n\nUbuntu 16.04 LTS:\n quagga 0.99.24.1-2ubuntu1.4\n\nUbuntu 14.04 LTS:\n quagga 0.99.22.4-3ubuntu1.5\n\nAfter a standard system update you need to restart Quagga to make\nall the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2018-5379" }, { "db": "CERT/CC", "id": "VU#940439" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "BID", "id": "103105" }, { "db": "VULMON", "id": "CVE-2018-5379" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "146610" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#940439", "trust": 3.3 }, { "db": "NVD", "id": "CVE-2018-5379", "trust": 3.2 }, { "db": "BID", "id": "103105", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-19-099-05", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-451142", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU95518305", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-001492", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1207", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201802-829", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2018-5379", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146416", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146610", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147305", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146410", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "VULMON", "id": "CVE-2018-5379" }, { "db": "BID", "id": "103105" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, 
{ "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "146610" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "NVD", "id": "CVE-2018-5379" }, { "db": "CNNVD", "id": "CNNVD-201802-829" } ] }, "id": "VAR-201802-1049", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.52540106 }, "last_update_date": "2023-12-18T12:29:10.855000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "AXSA:2018-2582:01", "trust": 0.8, "url": "https://tsn.miraclelinux.com/ja/node/9025" }, { "title": "Quagga 1.2.3 Release, with significant BGP security fixes", "trust": 0.8, "url": "https://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "title": "\u4e0d\u6b63\u306a\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u53d7\u4fe1\u306b\u3088\u308aBGP\u6a5f\u80fd\u304c\u505c\u6b62\u3059\u308b\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01864.html" }, { "title": "Quagga BGP daemon Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90582" }, { "title": "Red Hat: Important: quagga security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20180377 - security advisory" }, { "title": "Ubuntu Security Notice: quagga vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3573-1" }, { "title": "Red Hat: CVE-2018-5379", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-5379" }, { "title": "Debian 
Security Advisories: DSA-4115-1 quagga -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=60039c87d27a61271ac8cea042fa360d" }, { "title": "Amazon Linux AMI: ALAS-2018-957", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-957" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=743274c8dcbded6c8c6a2fcbd1f712aa" }, { "title": "Debian CVElist Bug Report Logs: quagga: CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4da9cc5babf3128084a3957af98f57a1" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=f20bc19459353e30190c7e47d9da0c23" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-5379" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "CNNVD", "id": "CNNVD-201802-829" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-415", "trust": 1.8 }, { "problemtype": "CWE-119", "trust": 0.8 }, { "problemtype": "CWE-125", "trust": 0.8 }, { "problemtype": "CWE-228", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "NVD", "id": "CVE-2018-5379" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.kb.cert.org/vuls/id/940439" }, { "trust": 2.5, "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "trust": 2.5, "url": "https://www.debian.org/security/2018/dsa-4115" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/103105" }, { "trust": 2.0, "url": "https://gogs.quagga.net/quagga/quagga/src/master/doc/security/quagga-2018-1114.txt" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:0377" }, { "trust": 1.8, "url": "https://usn.ubuntu.com/3573-1/" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201804-17" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5379" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5378" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5380" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5381" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-05" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2018-5379" }, { "trust": 0.9, "url": "http://cwe.mitre.org/data/definitions/415.html" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542985" }, { "trust": 0.9, "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2018-4443185.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/228.html" }, { "trust": 0.8, "url": "http://lists.suse.com/pipermail/sle-security-updates/2018-february/003735.html" }, { 
"trust": 0.8, "url": "https://usn.ubuntu.com/usn/usn-3573-1/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5381" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5378" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5379" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5380" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-05" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95518305/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78746" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=57162" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-0543.txt" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-1975.txt" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-1550.txt" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.quagga.net/security/quagga-2018-1114.txt" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/quagga" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3573-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4" } ], "sources": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "VULMON", "id": "CVE-2018-5379" }, { "db": "BID", "id": "103105" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "146610" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "NVD", "id": "CVE-2018-5379" }, { "db": "CNNVD", "id": "CNNVD-201802-829" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#940439" }, { "db": "VULMON", "id": "CVE-2018-5379" }, { "db": "BID", "id": "103105" }, { "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "db": "PACKETSTORM", "id": "146416" }, { "db": "PACKETSTORM", "id": "146610" }, { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "NVD", "id": "CVE-2018-5379" }, { "db": "CNNVD", "id": "CNNVD-201802-829" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-15T00:00:00", "db": "CERT/CC", "id": "VU#940439" }, { "date": "2018-02-19T00:00:00", "db": "VULMON", "id": "CVE-2018-5379" }, { "date": "2018-02-15T00:00:00", "db": "BID", "id": "103105" }, { "date": "2018-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "date": "2018-02-16T14:36:28", "db": "PACKETSTORM", "id": "146416" }, { "date": "2018-02-28T23:24:22", "db": 
"PACKETSTORM", "id": "146610" }, { "date": "2018-04-23T20:02:00", "db": "PACKETSTORM", "id": "147305" }, { "date": "2018-02-15T23:25:00", "db": "PACKETSTORM", "id": "146410" }, { "date": "2018-02-19T13:29:00.413000", "db": "NVD", "id": "CVE-2018-5379" }, { "date": "2018-02-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-829" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-19T00:00:00", "db": "CERT/CC", "id": "VU#940439" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2018-5379" }, { "date": "2019-04-10T11:00:00", "db": "BID", "id": "103105" }, { "date": "2019-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001492" }, { "date": "2019-10-09T23:41:15.437000", "db": "NVD", "id": "CVE-2018-5379" }, { "date": "2019-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-829" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "147305" }, { "db": "PACKETSTORM", "id": "146410" }, { "db": "CNNVD", "id": "CNNVD-201802-829" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga bgpd is affected by multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#940439" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201802-829" } ], "trust": 0.6 } }
var-201103-0201
Vulnerability from variot
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. Quagga is prone to a remote denial-of-service vulnerability in the Border Gateway Protocol daemon (bgpd).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201202-02
http://security.gentoo.org/
Severity: High
Title: Quagga: Multiple vulnerabilities
Date: February 21, 2012
Bugs: #334303, #359903, #384651
ID: 201202-02
Synopsis
Multiple vulnerabilities were found in Quagga, the worst of which leads to remote execution of arbitrary code.
Background
Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 0.99.20 >= 0.99.20
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Impact
A BGP peer could send a Route-Refresh message with a specially crafted ORF record, which can cause Quagga's bgpd to crash or possibly execute arbitrary code with the privileges of the user running Quagga's bgpd. A BGP update AS path request with unknown AS type, or malformed AS-Pathlimit or Extended-Community attributes, could lead to Denial of Service (daemon crash). An error in bgpd when handling AS_PATH attributes within UPDATE messages can be exploited to cause a heap-based buffer overflow, resulting in a crash of the daemon and disruption of IPv4 routing. Two errors in ospf6d and ospfd can each be exploited to crash the daemon and disrupt IP routing.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674
[ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675
[ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948
[ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949
[ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323
[ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324
[ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325
[ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326
[ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
===========================================================
Ubuntu Security Notice USN-1095-1
March 29, 2011
quagga vulnerabilities
CVE-2010-1674, CVE-2010-1675
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.8
Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.5
Ubuntu 9.10: quagga 0.99.13-1ubuntu0.2
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.2
Ubuntu 10.10: quagga 0.99.17-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Quagga incorrectly parsed certain malformed extended communities. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-1675)
. ----------------------------------------------------------------------
Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March).
http://secunia.com/company/events/mms_2011/
TITLE: Quagga Two Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA43770
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43770/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43770
RELEASE DATE: 2011-03-23
DESCRIPTION: Two vulnerabilities have been reported in Quagga, which can be exploited by malicious people to cause a DoS (Denial of Service).
1) A NULL-pointer dereference error when parsing certain extended community attributes can be exploited to crash the "bgpd" daemon via specially crafted extended community attributes.
Note: Successful exploitation may require that the attacker is a directly configured peer.
2) An error within the AS path limit/TTL functionality when parsing certain AS_PATHLIMIT attributes can be exploited to reset BGP sessions by sending specially crafted AS_PATHLIMIT attributes.
The vulnerabilities are reported in versions prior to 0.99.18.
SOLUTION: Update to version 0.99.18.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Quagga: http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200
DSA-2197-1: http://lists.debian.org/debian-security-announce/2011/msg00065.html
This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Updated packages are available that bring Quagga to version 0.99.18 which provides numerous bugfixes over the previous 0.99.17 version, and also corrects these issues. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
Debian Security Advisory DSA-2197-1 (security@debian.org)
http://www.debian.org/security/
Florian Weimer, March 21, 2011
http://www.debian.org/security/faq
Package: quagga
Vulnerability: denial of service
Problem type: remote
Debian-specific: no
CVE ID: CVE-2010-1674 CVE-2010-1675
It has been discovered that the Quagga routing daemon contains two denial-of-service vulnerabilities in its BGP implementation:
CVE-2010-1674 A crafted Extended Communities attribute triggers a null pointer dereference which causes the BGP daemon to crash. The crafted attributes are not propagated by the Internet core, so only explicitly configured direct peers are able to exploit this vulnerability in typical configurations.
CVE-2010-1675 The BGP daemon resets BGP sessions when it encounters malformed AS_PATHLIMIT attributes, introducing a distributed BGP session reset vulnerability which disrupts packet forwarding. Such malformed attributes are propagated by the Internet core, and exploitation of this vulnerability is not restricted to directly configured BGP peers.
This security update removes AS_PATHLIMIT processing from the BGP implementation, preserving the configuration statements for backwards compatibility. (Standardization of this BGP extension was abandoned long ago.)
For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny5.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze2.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your quagga packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201103-0201", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.15" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": 
"0.99.11" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.16" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.13" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.14" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.97.0" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.12" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.10" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.8" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.2" }, { "model": "quagga", "scope": "lte", "trust": 1.0, "vendor": "quagga", "version": "0.99.17" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.9" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.0" }, { "model": "quagga", 
"scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.7" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.95" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "lt", "trust": 0.8, "vendor": "quagga", "version": "0.99.18" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "quagga", "scope": "eq", "trust": 0.6, "vendor": "quagga", "version": "0.99.17" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "linux arm", 
"scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise server sp2", "scope": "eq", 
"trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "hat enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.17" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.16" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.15" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.11" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.9" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.8" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.7" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": 
"routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", 
"trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" } ], "sources": [ { "db": "BID", "id": "46943" }, { "db": "JVNDB", "id": "JVNDB-2011-001444" }, { "db": "CNNVD", "id": "CNNVD-201103-333" }, { "db": "NVD", "id": "CVE-2010-1675" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.99.17", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-1675" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Debian", "sources": [ { "db": "BID", "id": "46943" }, { "db": "PACKETSTORM", "id": "99562" } ], "trust": 0.4 }, "cve": "CVE-2010-1675", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2010-1675", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 1.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-1675", "trust": 1.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201103-333", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001444" }, { "db": "CNNVD", "id": "CNNVD-201103-333" }, { "db": "NVD", "id": "CVE-2010-1675" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. Quagga is prone to a remote denial-of-service vulnerability in the Border Gateway Protocol daemon (bgpd). 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201202-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Quagga: Multiple vulnerabilities\n Date: February 21, 2012\n Bugs: #334303, #359903, #384651\n ID: 201202-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Quagga, the worst of which\nleading to remote execution of arbitrary code. \n\nBackground\n==========\n\nQuagga is a free routing daemon replacing Zebra supporting RIP, OSPF\nand BGP. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 0.99.20 \u003e= 0.99.20\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Quagga. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA BGP peer could send a Route-Refresh message with specially-crafted\nORF record, which can cause Quagga\u0027s bgpd to crash or possibly execute\narbitrary code with the privileges of the user running Quagga\u0027s bgpd; a\nBGP update AS path request with unknown AS type, or malformed\nAS-Pathlimit or Extended-Community attributes could lead to Denial of\nService (daemon crash), an error in bgpd when handling AS_PATH\nattributes within UPDATE messages can\nbe exploited to cause a heap-based buffer overflow resulting in a crash\nof the\ndaemon and disruption of IPv4 routing, two errors in ospf6d and ospfd\ncan each be exploited to crash the daemon and disrupt IP routing. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.99.20 \"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1674\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674\n[ 2 ] CVE-2010-1675\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675\n[ 3 ] CVE-2010-2948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948\n[ 4 ] CVE-2010-2949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949\n[ 5 ] CVE-2011-3323\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323\n[ 6 ] CVE-2011-3324\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324\n[ 7 ] CVE-2011-3325\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325\n[ 8 ] CVE-2011-3326\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326\n[ 9 ] CVE-2011-3327\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201202-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
===========================================================\nUbuntu Security Notice USN-1095-1 March 29, 2011\nquagga vulnerabilities\nCVE-2010-1674, CVE-2010-1675\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 9.10\nUbuntu 10.04 LTS\nUbuntu 10.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n quagga 0.99.2-1ubuntu3.8\n\nUbuntu 8.04 LTS:\n quagga 0.99.9-2ubuntu1.5\n\nUbuntu 9.10:\n quagga 0.99.13-1ubuntu0.2\n\nUbuntu 10.04 LTS:\n quagga 0.99.15-1ubuntu0.2\n\nUbuntu 10.10:\n quagga 0.99.17-1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nDetails follow:\n\nIt was discovered that Quagga incorrectly parsed certain malformed extended\ncommunities. This issue only affected Ubuntu 8.04 LTS,\n9.10, 10.04 LTS and 10.10. 
(CVE-2010-1675)\n\n\n. 
----------------------------------------------------------------------\n\nTITLE:\nQuagga Two Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43770\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43770/\n\nRELEASE DATE:\n2011-03-23\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Quagga, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\n1) A NULL-pointer dereference error when parsing certain extended\ncommunity attributes can be exploited to crash the \"bgpd\" daemon via\nspecially crafted extended community attributes. \n\nNote: Successful exploitation may require that the attacker is a\ndirectly configured peer. 
\n\n2) An error within the AS path limit/TTL functionality when parsing\ncertain AS_PATHLIMIT attributes can be exploited to reset BGP\nsessions by sending specially crafted AS_PATHLIMIT attributes. \n\nThe vulnerabilities are reported in versions prior to 0.99.18. \n\nSOLUTION:\nUpdate to version 0.99.18. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nQuagga:\nhttp://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200\n\nDSA-2197-1:\nhttp://lists.debian.org/debian-security-announce/2011/msg00065.html\n
\n\n\n. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to cause\na DoS (Denial of Service) and potentially compromise a vulnerable\nsystem. \n \n Updated packages are available that bring Quagga to version 0.99.18\n which provides numerous bugfixes over the previous 0.99.17 version,\n and also corrects these issues. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -------------------------------------------------------------------------\nDebian Security Advisory DSA-2197-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 21, 2011 http://www.debian.org/security/faq\n-------------------------------------------------------------------------\n\nPackage : quagga\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-1674 CVE-2010-1675\n\nIt has been discovered that the Quagga routing daemon contains two\ndenial-of-service vulnerabilities in its BGP implementation:\n\nCVE-2010-1674\n\tA crafted Extended Communities attribute triggers a null\n pointer dereference which causes the BGP daemon to crash. 
\n\tThe crafted attributes are not propagated by the Internet\n\tcore, so only explicitly configured direct peers are able\n\tto exploit this vulnerability in typical configurations. \n\nCVE-2010-1675\n\tThe BGP daemon resets BGP sessions when it encounters\n\tmalformed AS_PATHLIMIT attributes, introducing a distributed\n\tBGP session reset vulnerability which disrupts packet\n\tforwarding. Such malformed attributes are propagated by the\n\tInternet core, and exploitation of this vulnerability is not\n\trestricted to directly configured BGP peers. \n\nThis security update removes AS_PATHLIMIT processing from the BGP\nimplementation, preserving the configuration statements for backwards\ncompatibility. (Standardization of this BGP extension was abandoned\nlong ago.)\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.99.10-1lenny5. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.99.17-2+squeeze2. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems will fixed soon. \n\nWe recommend that you upgrade your quagga packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n_______________________________________________\nFull-Disclosure - We believe in it. 
\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n", "sources": [ { "db": "NVD", "id": "CVE-2010-1675" }, { "db": "JVNDB", "id": "JVNDB-2011-001444" }, { "db": "BID", "id": "46943" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": "99624" }, { "db": "PACKETSTORM", "id": "110122" }, { "db": "PACKETSTORM", "id": "99619" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "PACKETSTORM", "id": "99562" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-1675", "trust": 3.1 }, { "db": "BID", "id": "46943", "trust": 2.7 }, { "db": "SECUNIA", "id": "43770", "trust": 2.5 }, { "db": "OSVDB", "id": "71258", "trust": 2.4 }, { "db": "VUPEN", "id": "ADV-2011-0711", "trust": 2.4 }, { "db": "SECUNIA", "id": "43499", "trust": 1.7 }, { "db": "XF", "id": "66212", "trust": 1.4 }, { "db": "SECUNIA", "id": "48106", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2011-001444", "trust": 0.8 }, { "db": "DEBIAN", "id": "DSA-2197", "trust": 0.6 }, { "db": "NSFOCUS", "id": "16656", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201103-333", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "110033", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99844", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99624", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110122", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99619", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99955", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99562", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "46943" }, { "db": "JVNDB", "id": "JVNDB-2011-001444" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": 
"99624" }, { "db": "PACKETSTORM", "id": "110122" }, { "db": "PACKETSTORM", "id": "99619" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "PACKETSTORM", "id": "99562" }, { "db": "CNNVD", "id": "CNNVD-201103-333" }, { "db": "NVD", "id": "CVE-2010-1675" } ] }, "id": "VAR-201103-0201", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-05T07:02:32.167000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Index of /releases/quagga", "trust": 0.8, "url": "http://download.savannah.gnu.org/releases/quagga/" }, { "title": "RHSA-2011:0406", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2011-0406.html" }, { "title": "Multiple Denial of Service vulnerabilities in Quagga", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities4" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001444" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001444" }, { "db": "NVD", "id": "CVE-2010-1675" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/43770" }, { "trust": 2.4, "url": 
"http://www.securityfocus.com/bid/46943" }, { "trust": 2.4, "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "trust": 1.7, "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "trust": 1.7, "url": "http://www.debian.org/security/2011/dsa-2197" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654614" }, { "trust": 1.6, "url": "http://www.osvdb.org/71258" }, { "trust": 1.6, "url": "http://secunia.com/advisories/43499" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/66212" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:058" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66212" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48106" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1675" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1675" }, { "trust": 0.8, "url": "http://osvdb.org/71258" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/16656" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.3, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.3, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.3, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.3, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.3, "url": 
"http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.2, "url": "http://secunia.com/company/events/mms_2011/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.13-1ubuntu0.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.15-1ubuntu0.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_amd64.deb" }, { "trust": 0.1, "url": 
"http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.17-1ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.9.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.9-2ubuntu1.5_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2.diff.gz" }, { "trust": 0.1, "url": 
"http://ports.ubuntu.com/pool/main/q/quagga/quagga_0.99.15-1ubuntu0.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.13-1ubuntu0.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.2-1ubuntu3.8_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.2-1ubuntu3.8_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga-doc_0.99.9-2ubuntu1.5_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.17-1ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/q/quagga/quagga_0.99.15.orig.tar.gz" }, { "trust": 0.1, "url": "http://lists.debian.org/debian-security-announce/2011/msg00065.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43770" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43770/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43770/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48106" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48106/#comments" }, { "trust": 0.1, "url": "http://www.gentoo.org/security/en/glsa/glsa-201202-02.xml" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://www.rsaconference.com/events/2012/usa/index.htm" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48106/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43499" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43499/#comments" }, { "trust": 0.1, "url": 
"http://secunia.com/advisories/43499/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1674" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" } ], "sources": [ { "db": "BID", "id": "46943" }, { "db": "JVNDB", "id": "JVNDB-2011-001444" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": "99624" }, { "db": "PACKETSTORM", "id": "110122" }, { "db": "PACKETSTORM", "id": "99619" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "PACKETSTORM", "id": "99562" }, { "db": "CNNVD", "id": "CNNVD-201103-333" }, { "db": "NVD", "id": "CVE-2010-1675" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "46943" }, { "db": "JVNDB", "id": "JVNDB-2011-001444" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": "99624" }, { "db": "PACKETSTORM", "id": "110122" }, { "db": "PACKETSTORM", "id": "99619" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "PACKETSTORM", "id": "99562" }, { "db": "CNNVD", "id": "CNNVD-201103-333" }, { "db": "NVD", "id": "CVE-2010-1675" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-03-21T00:00:00", "db": "BID", "id": "46943" }, { "date": "2011-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001444" }, { "date": "2012-02-22T02:10:03", "db": "PACKETSTORM", "id": "110033" }, { "date": "2011-03-29T20:28:13", "db": "PACKETSTORM", "id": "99844" }, { "date": 
"2011-03-22T09:26:03", "db": "PACKETSTORM", "id": "99624" }, { "date": "2012-02-23T07:47:50", "db": "PACKETSTORM", "id": "110122" }, { "date": "2011-03-22T09:25:50", "db": "PACKETSTORM", "id": "99619" }, { "date": "2011-04-01T20:57:12", "db": "PACKETSTORM", "id": "99955" }, { "date": "2011-03-21T19:39:00", "db": "PACKETSTORM", "id": "99562" }, { "date": "2011-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201103-333" }, { "date": "2011-03-29T18:55:00", "db": "NVD", "id": "CVE-2010-1675" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-16T17:43:00", "db": "BID", "id": "46943" }, { "date": "2012-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001444" }, { "date": "2011-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201103-333" }, { "date": "2018-01-06T02:29:00", "db": "NVD", "id": "CVE-2010-1675" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "99844" }, { "db": "PACKETSTORM", "id": "99955" }, { "db": "CNNVD", "id": "CNNVD-201103-333" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga of bgpd Service disruption in ( Session reset ) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001444" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201103-333" } ], "trust": 0.6 } }
var-201206-0262
Vulnerability from variot
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. Quagga, a routing software suite, contains a BGP OPEN vulnerability that results in a denial-of-service condition. The bgp_capability_orf() function in the routing software Quagga has a problem processing BGP OPEN messages, which can interrupt service operation (DoS). A remote third party may be able to cause a denial of service (DoS). Exploiting this issue allows remote attackers to cause the vulnerable daemon to crash, denying further service to legitimate users. Quagga 0.99.20.1 and prior versions are vulnerable.
For the stable distribution (squeeze), this problem has been fixed in version 0.99.20.1-0+squeeze3.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 0.99.21-3.
TITLE: Quagga "bgp_capability_orf()" Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA49401
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49401/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49401
RELEASE DATE: 2012-06-08
DESCRIPTION: A vulnerability has been reported in Quagga, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the "bgp_capability_orf()" function when parsing OPEN messages containing an ORF capability TLV. This can be exploited to cause a buffer overflow via a specially crafted packet.
Successful exploitation requires control of a pre-configured BGP peer.
SOLUTION: Restrict access to trusted BGP peers only.
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Denis Ovsienko.
ORIGINAL ADVISORY: US-CERT: http://www.kb.cert.org/vuls/id/962587
The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Gentoo Linux Security Advisory GLSA 201310-08
http://security.gentoo.org/
Severity: Normal
Title: Quagga: Multiple vulnerabilities
Date: October 10, 2013
Bugs: #408507, #475706
ID: 201310-08
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could lead to arbitrary code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 0.99.22.4 >= 0.99.22.4
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to cause arbitrary code execution or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.22.4"
References
[ 1 ] CVE-2012-0249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249
[ 2 ] CVE-2012-0250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250
[ 3 ] CVE-2012-0255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255
[ 4 ] CVE-2012-1820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820
[ 5 ] CVE-2013-2236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
Ubuntu Security Notice USN-1605-1
October 11, 2012
quagga vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: quagga 0.99.20.1-0ubuntu0.12.04.3
Ubuntu 11.10: quagga 0.99.20.1-0ubuntu0.11.10.3
Ubuntu 11.04: quagga 0.99.20.1-0ubuntu0.11.04.3
Ubuntu 10.04 LTS: quagga 0.99.20.1-0ubuntu0.10.04.3
After a standard system update you need to restart Quagga to make all the necessary changes
This fixes a vulnerability,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Quagga: Multiple vulnerabilities\n Date: October 10, 2013\n Bugs: #408507, #475706\n ID: 201310-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Quagga, the worst of which\ncould lead to arbitrary code execution. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/quagga \u003c 0.99.22.4 \u003e= 0.99.22.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Quagga. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker may be able to cause arbitrary code execution or a\nDenial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.99.22.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-0249\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249\n[ 2 ] CVE-2012-0250\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250\n[ 3 ] CVE-2012-0255\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255\n[ 4 ] CVE-2012-1820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820\n[ 5 ] CVE-2013-2236\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: quagga security update\nAdvisory ID: RHSA-2012:1259-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html\nIssue date: 2012-09-12\nCVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 \n CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 \n CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 \n=====================================================================\n\n1. 
Summary:\n\nUpdated quagga packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. The Quagga\nospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)\nrouting protocol. \n\nA heap-based buffer overflow flaw was found in the way the bgpd daemon\nprocessed malformed Extended Communities path attributes. An attacker could\nsend a specially-crafted BGP message, causing bgpd on a target system to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning bgpd. The UPDATE message would have to arrive from an explicitly\nconfigured BGP peer, but could have originated elsewhere in the BGP\nnetwork. (CVE-2011-3327)\n\nA stack-based buffer overflow flaw was found in the way the ospf6d daemon\nprocessed malformed Link State Update packets. An OSPF router could use\nthis flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)\n\nA flaw was found in the way the ospf6d daemon processed malformed link\nstate advertisements. An OSPF neighbor could use this flaw to crash\nospf6d on a target system. (CVE-2011-3324)\n\nA flaw was found in the way the ospfd daemon processed malformed Hello\npackets. An OSPF neighbor could use this flaw to crash ospfd on a\ntarget system. (CVE-2011-3325)\n\nA flaw was found in the way the ospfd daemon processed malformed link state\nadvertisements. 
An OSPF router in the autonomous system could use this flaw\nto crash ospfd on a target system. (CVE-2011-3326)\n\nAn assertion failure was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncause ospfd on an adjacent router to abort. (CVE-2012-0249)\n\nA buffer overflow flaw was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncrash ospfd on an adjacent router. (CVE-2012-0250)\n\nTwo flaws were found in the way the bgpd daemon processed certain BGP OPEN\nmessages. A configured BGP peer could cause bgpd on a target system to\nabort via a specially-crafted BGP OPEN message. (CVE-2012-0255,\nCVE-2012-1820)\n\nRed Hat would like to thank CERT-FI for reporting CVE-2011-3327,\nCVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the\nCERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and\nCVE-2012-1820. CERT-FI acknowledges Riku Hietam\u00e4ki, Tuomo Untinen and Jukka\nTaimisto of the Codenomicon CROSS project as the original reporters of\nCVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and\nCVE-2011-3326. The CERT/CC acknowledges Martin Winter at\nOpenSourceRouting.org as the original reporter of CVE-2012-0249,\nCVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original\nreporter of CVE-2012-1820. \n\nUsers of quagga should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the bgpd, ospfd, and ospf6d daemons will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. 
Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-contrib-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0255.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g\nP4VSjxs4xRnVCtT/IOkBkKQ=\n=VtuC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. 
============================================================================\nUbuntu Security Notice USN-1605-1\nOctober 11, 2012\n\nquagga vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n\nSummary:\n\nQuagga could be made to crash if it received specially crafted network\ntraffic. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n quagga 0.99.20.1-0ubuntu0.12.04.3\n\nUbuntu 11.10:\n quagga 0.99.20.1-0ubuntu0.11.10.3\n\nUbuntu 11.04:\n quagga 0.99.20.1-0ubuntu0.11.04.3\n\nUbuntu 10.04 LTS:\n quagga 0.99.20.1-0ubuntu0.10.04.3\n\nAfter a standard system update you need to restart Quagga to make all the\nnecessary changes", "sources": [ { "db": "NVD", "id": "CVE-2012-1820" }, { "db": "CERT/CC", "id": "VU#962587" }, { "db": "JVNDB", "id": "JVNDB-2012-002699" }, { "db": "BID", "id": "53775" }, { "db": "PACKETSTORM", "id": "113978" }, { "db": "PACKETSTORM", "id": "113463" }, { "db": "PACKETSTORM", "id": "121263" }, { "db": "PACKETSTORM", "id": "117365" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "117327" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1820", "trust": 4.0 }, { "db": "CERT/CC", "id": "VU#962587", "trust": 3.6 }, { "db": "BID", "id": "53775", "trust": 1.9 }, { "db": "SECUNIA", "id": "50941", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-002699", "trust": 0.8 }, { "db": "SECUNIA", "id": "49401", "trust": 0.8 }, { "db": "NSFOCUS", "id": "20678", "trust": 0.6 }, { "db": 
"NSFOCUS", "id": "20685", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201206-020", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "113978", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113463", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121263", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "117365", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123565", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116469", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "117327", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#962587" }, { "db": "BID", "id": "53775" }, { "db": "JVNDB", "id": "JVNDB-2012-002699" }, { "db": "PACKETSTORM", "id": "113978" }, { "db": "PACKETSTORM", "id": "113463" }, { "db": "PACKETSTORM", "id": "121263" }, { "db": "PACKETSTORM", "id": "117365" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "117327" }, { "db": "CNNVD", "id": "CNNVD-201206-020" }, { "db": "NVD", "id": "CVE-2012-1820" } ] }, "id": "VAR-201206-0262", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1590909 }, "last_update_date": "2022-05-29T21:29:09.586000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-2497", "trust": 0.8, "url": "http://www.debian.org/security/2012/dsa-2497" }, { "title": "Quagga Routing Suite", "trust": 0.8, "url": "http://www.nongnu.org/quagga/" }, { "title": "RHSA-2012:1259", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "title": "CVE-2012-1820 Denial of Service (DoS) vulnerability in Quagga", "trust": 0.8, "url": 
"http://blogs.oracle.com/sunsecurity/entry/cve_2012_1820_denial_of" }, { "title": "\u507d\u9020\u3055\u308c\u305fBGP\u30d1\u30b1\u30c3\u30c8\u306b\u5bfe\u3059\u308b\u53d7\u4fe1\u51e6\u7406\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01241.html" }, { "title": "USN-1605-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-1605-1/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002699" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002699" }, { "db": "NVD", "id": "CVE-2012-1820" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.kb.cert.org/vuls/id/962587" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/53775" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-1605-1" }, { "trust": 1.0, "url": "http://www.debian.org/security/2012/dsa-2497" }, { "trust": 1.0, "url": "http://secunia.com/advisories/50941" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1820" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu962587/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1820" }, { "trust": 0.6, "url": "http://secunia.com/advisories/49401" }, { "trust": 0.6, 
"url": "http://www.nsfocus.net/vulndb/20685" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20678" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1820" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb76173" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0255" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49401/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49401" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49401/" }, { "trust": 0.1, "url": "https://wiki.mageia.org/en/support/advisories/mgasa-2012-0133" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/50941/#comments" }, { "trust": 0.1, "url": 
"http://www.ubuntu.com/usn/usn-1605-1/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/50941/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50941" }, { "trust": 0.1, "url": "http://secunia.com/blog/325/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1820" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201310-08.xml" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2236" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2236" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0249" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0250" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0255" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0255.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1820.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.1, "url": 
"https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.10.04.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.12.04.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.11.04.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.11.10.3" } ], "sources": [ { "db": "CERT/CC", "id": "VU#962587" }, { "db": "BID", "id": "53775" }, { "db": "JVNDB", "id": "JVNDB-2012-002699" }, { "db": "PACKETSTORM", "id": "113978" }, { "db": "PACKETSTORM", "id": "113463" }, { "db": "PACKETSTORM", "id": "121263" }, { "db": "PACKETSTORM", "id": "117365" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "117327" }, { "db": "CNNVD", "id": "CNNVD-201206-020" }, { "db": "NVD", "id": "CVE-2012-1820" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#962587" }, { "db": "BID", "id": "53775" }, { "db": "JVNDB", "id": "JVNDB-2012-002699" }, { "db": "PACKETSTORM", "id": "113978" }, { "db": "PACKETSTORM", "id": "113463" }, { "db": "PACKETSTORM", "id": "121263" }, { "db": "PACKETSTORM", "id": "117365" }, { "db": "PACKETSTORM", "id": "123565" }, { 
"db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "117327" }, { "db": "CNNVD", "id": "CNNVD-201206-020" }, { "db": "NVD", "id": "CVE-2012-1820" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-06-04T00:00:00", "db": "CERT/CC", "id": "VU#962587" }, { "date": "2012-06-04T00:00:00", "db": "BID", "id": "53775" }, { "date": "2012-06-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002699" }, { "date": "2012-06-21T04:39:27", "db": "PACKETSTORM", "id": "113978" }, { "date": "2012-06-11T01:01:20", "db": "PACKETSTORM", "id": "113463" }, { "date": "2013-04-11T15:44:46", "db": "PACKETSTORM", "id": "121263" }, { "date": "2012-10-15T07:09:06", "db": "PACKETSTORM", "id": "117365" }, { "date": "2013-10-10T12:14:00", "db": "PACKETSTORM", "id": "123565" }, { "date": "2012-09-12T23:06:22", "db": "PACKETSTORM", "id": "116469" }, { "date": "2012-10-12T06:07:20", "db": "PACKETSTORM", "id": "117327" }, { "date": "2012-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201206-020" }, { "date": "2012-06-13T15:55:00", "db": "NVD", "id": "CVE-2012-1820" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-06-11T00:00:00", "db": "CERT/CC", "id": "VU#962587" }, { "date": "2015-04-13T21:46:00", "db": "BID", "id": "53775" }, { "date": "2012-11-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002699" }, { "date": "2012-07-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201206-020" }, { "date": "2013-03-02T04:40:00", "db": "NVD", "id": "CVE-2012-1820" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-201206-020" } ], "trust": 
0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga BGP OPEN denial of service vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#962587" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201206-020" } ], "trust": 0.6 } }
var-201605-0066
Vulnerability from variot
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. An overly large BGP packet from a third party can put the service into a denial-of-service state (assertion failure and daemon crash). Quagga BGP Routing Daemon is a collection of daemons managed by the core daemon zebra, which is mainly used to exchange routing information with peer nodes running the same routing protocol. Quagga Routing Software Suite is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition.
Gentoo Linux Security Advisory GLSA 201701-48
https://security.gentoo.org/
Severity: Normal
Title: Quagga: Multiple vulnerabilities
Date: January 21, 2017
Bugs: #581526, #597410
ID: 201701-48
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/quagga < 1.1.0-r2 >= 1.1.0-r2
Description
Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-1.1.0-r2"
References
[ 1 ] CVE-2016-1245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1245
[ 2 ] CVE-2016-4049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4049
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-48
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
CVE-2016-4036
Tamás Németh discovered that sensitive configuration files in
/etc/quagga were world-readable despite containing sensitive
information.
CVE-2016-4049
Evgeny Uskov discovered that a bgpd instance handling many peers
could be crashed by a malicious user when requesting a route dump.
For the stable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u2.
We recommend that you upgrade your quagga packages.
Ubuntu Security Notice USN-3102-1 October 13, 2016
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Quagga. A local user could use this issue to possibly obtain sensitive information. (CVE-2016-4036)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.1
Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.2
Ubuntu 12.04 LTS: quagga 0.99.20.1-0ubuntu0.12.04.5
After a standard system update you need to restart Quagga to make all the necessary changes.
Red Hat Security Advisory
Synopsis: Moderate: quagga security and bug fix update
Advisory ID: RHSA-2017:0794-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0794.html
Issue date: 2017-03-21
CVE Names: CVE-2013-2236 CVE-2016-1245 CVE-2016-2342 CVE-2016-4049 CVE-2017-5495
- Summary:
An update for quagga is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.
Security Fix(es):
- A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. (CVE-2016-1245)
- A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. (CVE-2016-2342)
- A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). (CVE-2016-4049)
- A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)
- A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. (CVE-2013-2236)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the bgpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
674862 - Add missing man pages in quagga package
770731 - Interface prefix advertisement declaration prevents ospf6d from starting
839620 - /etc/sysconfig/quagga defines QCONFDIR, init scripts do not use it
842308 - quagga daemon pidfiles remain after daemons are stopped
862826 - Correct spec to add watchquagga
981124 - CVE-2013-2236 Quagga: OSPFD Potential remote code exec (stack based buffer overflow)
1316571 - CVE-2016-2342 quagga: VPNv4 NLRI parser memcpys to stack on unchecked length
1331372 - CVE-2016-4049 quagga: denial of service vulnerability in BGP routing daemon
1386109 - CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handling
1416013 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: quagga-0.99.15-14.el6.src.rpm
i386: quagga-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm
ppc64: quagga-0.99.15-14.el6.ppc64.rpm quagga-debuginfo-0.99.15-14.el6.ppc64.rpm
s390x: quagga-0.99.15-14.el6.s390x.rpm quagga-debuginfo-0.99.15-14.el6.s390x.rpm
x86_64: quagga-0.99.15-14.el6.x86_64.rpm quagga-debuginfo-0.99.15-14.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: quagga-contrib-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm quagga-devel-0.99.15-14.el6.i686.rpm
ppc64: quagga-contrib-0.99.15-14.el6.ppc64.rpm quagga-debuginfo-0.99.15-14.el6.ppc.rpm quagga-debuginfo-0.99.15-14.el6.ppc64.rpm quagga-devel-0.99.15-14.el6.ppc.rpm quagga-devel-0.99.15-14.el6.ppc64.rpm
s390x: quagga-contrib-0.99.15-14.el6.s390x.rpm quagga-debuginfo-0.99.15-14.el6.s390.rpm quagga-debuginfo-0.99.15-14.el6.s390x.rpm quagga-devel-0.99.15-14.el6.s390.rpm quagga-devel-0.99.15-14.el6.s390x.rpm
x86_64: quagga-contrib-0.99.15-14.el6.x86_64.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.x86_64.rpm quagga-devel-0.99.15-14.el6.i686.rpm quagga-devel-0.99.15-14.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: quagga-0.99.15-14.el6.src.rpm
i386: quagga-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm
x86_64: quagga-0.99.15-14.el6.x86_64.rpm quagga-debuginfo-0.99.15-14.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: quagga-contrib-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm quagga-devel-0.99.15-14.el6.i686.rpm
x86_64: quagga-contrib-0.99.15-14.el6.x86_64.rpm quagga-debuginfo-0.99.15-14.el6.i686.rpm quagga-debuginfo-0.99.15-14.el6.x86_64.rpm quagga-devel-0.99.15-14.el6.i686.rpm quagga-devel-0.99.15-14.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2013-2236
https://access.redhat.com/security/cve/CVE-2016-1245
https://access.redhat.com/security/cve/CVE-2016-2342
https://access.redhat.com/security/cve/CVE-2016-4049
https://access.redhat.com/security/cve/CVE-2017-5495
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.
"BID", "id": "88561" }, { "db": "JVNDB", "id": "JVNDB-2016-002913" }, { "db": "PACKETSTORM", "id": "140655" }, { "db": "PACKETSTORM", "id": "138516" }, { "db": "PACKETSTORM", "id": "139141" }, { "db": "PACKETSTORM", "id": "141746" }, { "db": "NVD", "id": "CVE-2016-4049" }, { "db": "CNNVD", "id": "CNNVD-201604-612" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-02746" }, { "db": "VULMON", "id": "CVE-2016-4049" }, { "db": "BID", "id": "88561" }, { "db": "JVNDB", "id": "JVNDB-2016-002913" }, { "db": "PACKETSTORM", "id": "140655" }, { "db": "PACKETSTORM", "id": "138516" }, { "db": "PACKETSTORM", "id": "139141" }, { "db": "PACKETSTORM", "id": "141746" }, { "db": "NVD", "id": "CVE-2016-4049" }, { "db": "CNNVD", "id": "CNNVD-201604-612" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-05T00:00:00", "db": "CNVD", "id": "CNVD-2016-02746" }, { "date": "2016-05-23T00:00:00", "db": "VULMON", "id": "CVE-2016-4049" }, { "date": "2016-04-27T00:00:00", "db": "BID", "id": "88561" }, { "date": "2016-05-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002913" }, { "date": "2017-01-21T15:17:02", "db": "PACKETSTORM", "id": "140655" }, { "date": "2016-08-26T13:14:00", "db": "PACKETSTORM", "id": "138516" }, { "date": "2016-10-13T19:35:43", "db": "PACKETSTORM", "id": "139141" }, { "date": "2017-03-21T14:49:53", "db": "PACKETSTORM", "id": "141746" }, { "date": "2016-05-23T19:59:07.947000", "db": "NVD", "id": "CVE-2016-4049" }, { "date": "2016-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-612" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-05T00:00:00", "db": "CNVD", "id": "CNVD-2016-02746" }, { "date": 
"2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2016-4049" }, { "date": "2017-04-04T00:02:00", "db": "BID", "id": "88561" }, { "date": "2016-05-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002913" }, { "date": "2018-10-30T16:27:35.843000", "db": "NVD", "id": "CVE-2016-4049" }, { "date": "2016-05-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-612" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "140655" }, { "db": "PACKETSTORM", "id": "141746" }, { "db": "CNNVD", "id": "CNNVD-201604-612" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga of bgpd/bgp_dump.c of bgp_dump_routes_func Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002913" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-612" } ], "trust": 0.6 } }
var-201204-0160
Vulnerability from variot
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.
Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition.
Quagga is prone to multiple remote security vulnerabilities including:
1. A denial-of-service vulnerability
2. Multiple buffer-overflow vulnerabilities
Attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. Quagga versions prior to 0.99.20.1 are vulnerable.
Ubuntu Security Notice USN-1441-1 May 15, 2012
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash if it received specially crafted network traffic. (CVE-2012-0249, CVE-2012-0250)
It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability.
After a standard system update you need to restart Quagga to make all the necessary changes.
TITLE: Debian update for quagga
SECUNIA ADVISORY ID: SA48949
VERIFY ADVISORY: http://secunia.com/advisories/48949/
RELEASE DATE: 2012-04-26
DESCRIPTION: Debian has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA48388
SOLUTION: Apply updated packages via the apt-get package manager.
ORIGINAL ADVISORY: DSA-2459-1: http://lists.debian.org/debian-security-announce/2012/msg00092.html
Gentoo Linux Security Advisory GLSA 201310-08
http://security.gentoo.org/
Severity: Normal
Title: Quagga: Multiple vulnerabilities
Date: October 10, 2013
Bugs: #408507, #475706
ID: 201310-08
Synopsis
Multiple vulnerabilities have been found in Quagga, the worst of which could lead to arbitrary code execution. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.22.4"
References
[ 1 ] CVE-2012-0249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249
[ 2 ] CVE-2012-0250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250
[ 3 ] CVE-2012-0255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255
[ 4 ] CVE-2012-1820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820
[ 5 ] CVE-2013-2236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
This security update upgrades the quagga package to the most recent upstream release. This release includes other corrections, such as hardening against unknown BGP path attributes.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.20.1-0+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.20.1-1.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0160", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.17" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.12" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": 
"0.99.19" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.13" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.14" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.11" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.15" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.18" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.16" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.8" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.10" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.7" }, { "model": "quagga", "scope": "lte", "trust": 1.0, "vendor": "quagga", "version": "0.99.20" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.9" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "quagga", "version": null }, { "model": "quagga", "scope": "lt", "trust": 0.8, "vendor": "quagga", "version": "0.99.20.1" }, { "model": "seil/b1", "scope": "eq", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 to 3.70" }, { "model": "seil/neu 2fe plus", "scope": "eq", "trust": 0.8, "vendor": "internet initiative", 
"version": "1.00 to 2.13" }, { "model": "seil/turbo", "scope": "eq", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 to 2.13" }, { "model": "seil/x1", "scope": "eq", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 to 3.70" }, { "model": "seil/x2", "scope": "eq", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 to 3.70" }, { "model": "seil/x86", "scope": "eq", "trust": 0.8, "vendor": "internet initiative", "version": "1.70 to 2.31" }, { "model": "quagga", "scope": "eq", "trust": 0.6, "vendor": "quagga", "version": "0.99.20" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", 
"scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.19" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.17" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.16" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.15" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.11" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.9" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.8" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.7" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "routing software suite", "scope": "eq", 
"trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "firewall enterprise 8.2.1p03", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "firewall enterprise 7.0.1.03h04", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": 
"linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "routing software suite", "scope": "ne", "trust": 0.3, "vendor": "quagga", "version": "0.99.20.1" }, { "model": "firewall enterprise 8.2.1p04", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "firewall enterprise 7.0.1.05.h05", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "db": "NVD", "id": "CVE-2012-0250" }, { "db": "CNNVD", "id": "CNNVD-201204-067" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.99.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-0250" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MU Dynamics.", "sources": [ { "db": "BID", "id": "52531" } ], "trust": 0.3 }, "cve": "CVE-2012-0250", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" 
}, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "ADJACENT NETWORK", "authentication": "NONE", "author": "CARNEGIE MELLON", "availabilityImpact": "COMPLETE", "availabilityRequirement": "NOT DEFINED", "baseScore": 6.1, "collateralDamagePotential": "NOT DEFINED", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 4.8, "exploitability": "PROOF-OF-CONCEPT", "exploitabilityScore": 6.5, "id": "VU#551715", "impactScore": 6.9, "integrityImpact": "NONE", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "OFFICIAL FIX", "reportConfidence": "CONFIRMED", "severity": "MEDIUM", "targetDistribution": "NOT DEFINED", "trust": 0.8, "userInterationRequired": null, "vector_string": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 3.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2012-0250", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": 
"2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-0250", "trust": 1.8, "value": "LOW" }, { "author": "CARNEGIE MELLON", "id": "VU#551715", "trust": 0.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201204-067", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "db": "NVD", "id": "CVE-2012-0250" }, { "db": "CNNVD", "id": "CNNVD-201204-067" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition. Quagga is prone to multiple remote security vulnerabilities including:\n1. A denial-of-service vulnerability\n2. Multiple buffer-overflow vulnerabilities\nAn attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. \nQuagga versions prior to 0.99.20.1 are vulnerable. ============================================================================\nUbuntu Security Notice USN-1441-1\nMay 15, 2012\n\nquagga vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n\nSummary:\n\nQuagga could be made to crash if it received specially crafted network\ntraffic. 
(CVE-2012-0249,\nCVE-2012-0250)\n\nIt was discovered that Quagga incorrectly handled messages with a malformed\nFour-octet AS Number Capability. After a standard system update you need to restart Quagga to make\nall the necessary changes. ----------------------------------------------------------------------\n\nTITLE:\nDebian update for quagga\n\nSECUNIA ADVISORY ID:\nSA48949\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48949/\n\nRELEASE DATE:\n2012-04-26\n\nDESCRIPTION:\nDebian has issued an update for quagga. This fixes multiple\nvulnerabilities, which can be exploited by malicious people to cause\na DoS (Denial of Service). \n\nFor more information:\nSA48388\n\nSOLUTION:\nApply updated packages via the apt-get package manager. 
\n\nORIGINAL ADVISORY:\nDSA-2459-1:\nhttp://lists.debian.org/debian-security-announce/2012/msg00092.html\n\n\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Quagga: Multiple vulnerabilities\n Date: October 10, 2013\n Bugs: #408507, #475706\n ID: 201310-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Quagga, the worst of which\ncould lead to arbitrary code execution. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.99.22.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-0249\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249\n[ 2 ] CVE-2012-0250\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250\n[ 3 ] CVE-2012-0255\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255\n[ 4 ] CVE-2012-1820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820\n[ 5 ] CVE-2013-2236\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). 
\n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: quagga security update\nAdvisory ID: RHSA-2012:1259-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html\nIssue date: 2012-09-12\nCVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 \n CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 \n CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 \n=====================================================================\n\n1. Summary:\n\nUpdated quagga packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. The Quagga bgpd daemon\nimplements the BGP (Border Gateway Protocol) routing protocol. The Quagga\nospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)\nrouting protocol. \n\nA heap-based buffer overflow flaw was found in the way the bgpd daemon\nprocessed malformed Extended Communities path attributes. An attacker could\nsend a specially-crafted BGP message, causing bgpd on a target system to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning bgpd. 
The UPDATE message would have to arrive from an explicitly\nconfigured BGP peer, but could have originated elsewhere in the BGP\nnetwork. (CVE-2011-3327)\n\nA stack-based buffer overflow flaw was found in the way the ospf6d daemon\nprocessed malformed Link State Update packets. An OSPF router could use\nthis flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)\n\nA flaw was found in the way the ospf6d daemon processed malformed link\nstate advertisements. An OSPF neighbor could use this flaw to crash\nospf6d on a target system. (CVE-2011-3324)\n\nA flaw was found in the way the ospfd daemon processed malformed Hello\npackets. An OSPF neighbor could use this flaw to crash ospfd on a\ntarget system. (CVE-2011-3325)\n\nA flaw was found in the way the ospfd daemon processed malformed link state\nadvertisements. An OSPF router in the autonomous system could use this flaw\nto crash ospfd on a target system. (CVE-2011-3326)\n\nAn assertion failure was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncause ospfd on an adjacent router to abort. (CVE-2012-0249)\n\nA buffer overflow flaw was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncrash ospfd on an adjacent router. (CVE-2012-0250)\n\nTwo flaws were found in the way the bgpd daemon processed certain BGP OPEN\nmessages. A configured BGP peer could cause bgpd on a target system to\nabort via a specially-crafted BGP OPEN message. (CVE-2012-0255,\nCVE-2012-1820)\n\nRed Hat would like to thank CERT-FI for reporting CVE-2011-3327,\nCVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the\nCERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and\nCVE-2012-1820. 
CERT-FI acknowledges Riku Hietam\u00e4ki, Tuomo Untinen and Jukka\nTaimisto of the Codenomicon CROSS project as the original reporters of\nCVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and\nCVE-2011-3326. The CERT/CC acknowledges Martin Winter at\nOpenSourceRouting.org as the original reporter of CVE-2012-0249,\nCVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original\nreporter of CVE-2012-1820. \n\nUsers of quagga should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the bgpd, ospfd, and ospf6d daemons will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-contrib-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0255.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n\n\n. \n\nThis security update upgrades the quagga package to the most recent\nupstream release. This release includes other corrections, such as\nhardening against unknown BGP path attributes. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.99.20.1-0+squeeze1. 
\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 0.99.20.1-1", "sources": [ { "db": "NVD", "id": "CVE-2012-0250" }, { "db": "CERT/CC", "id": "VU#551715" }, { "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "db": "BID", "id": "52531" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#551715", "trust": 3.2 }, { "db": "NVD", "id": "CVE-2012-0250", "trust": 3.2 }, { "db": "SECUNIA", "id": "48949", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-002005", "trust": 0.8 }, { "db": "NSFOCUS", "id": "20681", "trust": 0.6 }, { "db": "NSFOCUS", "id": "20685", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201204-067", "trust": 0.6 }, { "db": "BID", "id": "52531", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "112732", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112206", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "123565", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116469", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112209", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" }, { "db": "NVD", "id": "CVE-2012-0250" }, { "db": 
"CNNVD", "id": "CNNVD-201204-067" } ] }, "id": "VAR-201204-0160", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.25897437 }, "last_update_date": "2023-12-18T11:25:00.732000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FEDORA-2012-5436", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078926.html" }, { "title": "FEDORA-2012-5411", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078910.html" }, { "title": "FEDORA-2012-5352", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078794.html" }, { "title": "Bug 705", "trust": 0.8, "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" }, { "title": "Quagga Routing Suite", "trust": 0.8, "url": "http://www.nongnu.org/quagga/" }, { "title": "RHSA-2012:1258", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "title": "RHSA-2012:1259", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "title": "Multiple Vulnerabilities in Quagga", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_quagga" }, { "title": "\u507d\u88c5\u3055\u308c\u305fOSPFv2\u30d1\u30b1\u30c3\u30c8\u306b\u5bfe\u3059\u308b\u53d7\u4fe1\u51e6\u7406\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01221.html" }, { "title": "quagga-0.99.20.1", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42854" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "db": "CNNVD", "id": 
"CNNVD-201204-067" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "db": "NVD", "id": "CVE-2012-0250" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.kb.cert.org/vuls/id/551715" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "trust": 1.1, "url": "http://www.nongnu.org/quagga/" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078794.html" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078910.html" }, { "trust": 1.0, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-april/078926.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48949" }, { "trust": 1.0, "url": "http://www.debian.org/security/2012/dsa-2459" }, { "trust": 0.8, "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0250" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu551715/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0250" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20685" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/20681" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.4, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2012-0255" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb76173" }, { "trust": 0.3, "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=7151" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { "trust": 0.2, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1820" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.10.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.11.04.2" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.11.10.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1441-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.20.1-0ubuntu0.12.04.2" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48949" }, { "trust": 0.1, "url": "http://lists.debian.org/debian-security-announce/2012/msg00092.html" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48949/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48949/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1674.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1820" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201310-08.xml" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2236" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2236" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0249" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0250" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0255" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0255.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1820.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" }, { "db": "NVD", "id": "CVE-2012-0250" }, { "db": "CNNVD", "id": "CNNVD-201204-067" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#551715" }, { "db": "BID", "id": "52531" }, { "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "db": "PACKETSTORM", "id": "112732" }, { "db": "PACKETSTORM", "id": "112206" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "123565" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "PACKETSTORM", "id": "112209" }, { "db": "NVD", "id": "CVE-2012-0250" }, { "db": "CNNVD", "id": "CNNVD-201204-067" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-03-23T00:00:00", "db": "CERT/CC", "id": "VU#551715" }, { "date": "2012-03-16T00:00:00", "db": "BID", "id": "52531" }, { "date": "2012-04-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "date": "2012-05-15T21:57:44", "db": "PACKETSTORM", "id": "112732" }, { "date": "2012-04-26T01:55:38", "db": "PACKETSTORM", "id": "112206" }, { "date": "2012-09-12T23:06:05", "db": "PACKETSTORM", "id": 
"116468" }, { "date": "2013-10-10T12:14:00", "db": "PACKETSTORM", "id": "123565" }, { "date": "2012-09-12T23:06:22", "db": "PACKETSTORM", "id": "116469" }, { "date": "2012-04-26T21:55:46", "db": "PACKETSTORM", "id": "112209" }, { "date": "2012-04-05T13:25:30.583000", "db": "NVD", "id": "CVE-2012-0250" }, { "date": "2012-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-067" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-03-28T00:00:00", "db": "CERT/CC", "id": "VU#551715" }, { "date": "2015-04-13T21:16:00", "db": "BID", "id": "52531" }, { "date": "2012-10-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002005" }, { "date": "2018-01-18T02:29:02.817000", "db": "NVD", "id": "CVE-2012-0250" }, { "date": "2012-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-067" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-067" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Quagga contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#551715" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-067" } ], "trust": 0.6 } }
var-201110-0450
Vulnerability from variot
The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability 2. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674
[ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675
[ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948
[ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949
[ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323
[ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324
[ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325
[ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326
[ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5

==========================================================================
Ubuntu Security Notice USN-1261-1
November 14, 2011
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3325)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1
Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1
Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement.
CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet.
CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga.
The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF.
For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1.
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
=====================================================================
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0450", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.15" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.11" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": 
"0.99.16" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.13" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.14" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.9" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.10" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.17" }, { "model": "quagga", "scope": "eq", "trust": 1.6, "vendor": "quagga", "version": "0.99.12" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.6" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.8" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.4" }, { "model": "quagga", 
"scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.4" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.7" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.3" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.99.1" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.2" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.5" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.98.6" }, { "model": "quagga", "scope": "lte", "trust": 1.0, "vendor": "quagga", "version": "0.99.18" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.97.0" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.95" }, { "model": "quagga", "scope": "eq", "trust": 1.0, "vendor": "quagga", "version": "0.96.2" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "quagga", "scope": "lt", "trust": 0.8, "vendor": "quagga", "version": "0.99.19" }, { "model": "seil/b1", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 from 3.41" }, { "model": "seil/neu 2fe plus", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 from 2.13" }, { "model": "seil/turbo", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 from 2.13" }, { "model": "seil/x1", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", 
"version": "1.00 from 3.41" }, { "model": "seil/x2", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.00 from 3.41" }, { "model": "seil/x86", "scope": "lt", "trust": 0.8, "vendor": "internet initiative", "version": "1.70 from 1.91" }, { "model": "quagga", "scope": "eq", "trust": 0.6, "vendor": "quagga", "version": "0.99.18" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, 
"vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise sdk sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.17" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.16" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.15" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.11" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.9" }, { "model": "routing software 
suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.8" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.7" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.2" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.99.1" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.6" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.5" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.98.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.97.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.4" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.3" }, { "model": "routing software suite", "scope": "eq", "trust": 0.3, "vendor": "quagga", "version": "0.96.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { 
"model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "routing software suite", "scope": "ne", "trust": 0.3, "vendor": "quagga", "version": "0.99.19" } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "db": "CNNVD", "id": "CNNVD-201109-583" }, { "db": "NVD", "id": "CVE-2011-3323" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.99.18", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-3323" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Riku Hietam\u0026amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;auml;ki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project", "sources": [ { "db": "BID", "id": "49784" } ], "trust": 0.3 }, "cve": "CVE-2011-3323", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2011-3323", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-3323", "trust": 1.8, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#668534", "trust": 0.8, "value": "15.69" }, { "author": "CNNVD", "id": "CNNVD-201109-583", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "db": "CNNVD", "id": "CNNVD-201109-583" }, { "db": "NVD", "id": "CVE-2011-3323" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets. A buffer overflow vulnerability\n2. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Quagga users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/quagga-0.99.20 \"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1674\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674\n[ 2 ] CVE-2010-1675\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675\n[ 3 ] CVE-2010-2948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948\n[ 4 ] CVE-2010-2949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949\n[ 5 ] CVE-2011-3323\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323\n[ 6 ] CVE-2011-3324\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324\n[ 7 ] CVE-2011-3325\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325\n[ 8 ] CVE-2011-3326\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326\n[ 9 ] CVE-2011-3327\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201202-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. 
\n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-1261-1\nNovember 14, 2011\n\nquagga vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nQuagga could be made to crash or run programs if it received specially\ncrafted network traffic. (CVE-2011-3323)\n\nRiku Hietam\u00e4ki, Tuomo Untinen and Jukka Taimisto discovered that Quagga\nincorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324)\n\nRiku Hietam\u00e4ki, Tuomo Untinen and Jukka Taimisto discovered that Quagga\nincorrectly handled certain IPv4 packets. \n(CVE-2011-3325)\n\nRiku Hietam\u00e4ki, Tuomo Untinen and Jukka Taimisto discovered that Quagga\nincorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n quagga 0.99.18-2ubuntu0.1\n\nUbuntu 11.04:\n quagga 0.99.17-4ubuntu1.1\n\nUbuntu 10.10:\n quagga 0.99.17-1ubuntu0.2\n\nUbuntu 10.04 LTS:\n quagga 0.99.15-1ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. \n\nCVE-2011-3324\n\tThe ospf6d process can crash while processing a Database\n\tDescription packet with a crafted Link-State-Advertisement. \n\nCVE-2011-3325\n\tThe ospfd process can crash while processing a crafted Hello\n\tpacket. \n\nCVE-2011-3326\n\tThe ospfd process crashes while processing\n\tLink-State-Advertisements of a type not known to Quagga. 
\n\nThe OSPF-related vulnerabilities require that potential attackers send\npackets to a vulnerable Quagga router; the packets are not distributed\nover OSPF. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.99.10-1lenny6. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.99.17-2+squeeze3. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 0.99.19-1. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: quagga security update\nAdvisory ID: RHSA-2012:1259-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html\nIssue date: 2012-09-12\nCVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 \n CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 \n CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 \n=====================================================================\n\n1. Summary:\n\nUpdated quagga packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nQuagga is a TCP/IP based routing software suite. 
The Quagga bgpd daemon\nimplements the BGP (Border Gateway Protocol) routing protocol. The Quagga\nospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)\nrouting protocol. \n\nA heap-based buffer overflow flaw was found in the way the bgpd daemon\nprocessed malformed Extended Communities path attributes. An attacker could\nsend a specially-crafted BGP message, causing bgpd on a target system to\ncrash or, possibly, execute arbitrary code with the privileges of the user\nrunning bgpd. The UPDATE message would have to arrive from an explicitly\nconfigured BGP peer, but could have originated elsewhere in the BGP\nnetwork. (CVE-2011-3327)\n\nA stack-based buffer overflow flaw was found in the way the ospf6d daemon\nprocessed malformed Link State Update packets. An OSPF router could use\nthis flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)\n\nA flaw was found in the way the ospf6d daemon processed malformed link\nstate advertisements. An OSPF neighbor could use this flaw to crash\nospf6d on a target system. (CVE-2011-3324)\n\nA flaw was found in the way the ospfd daemon processed malformed Hello\npackets. An OSPF neighbor could use this flaw to crash ospfd on a\ntarget system. (CVE-2011-3325)\n\nA flaw was found in the way the ospfd daemon processed malformed link state\nadvertisements. An OSPF router in the autonomous system could use this flaw\nto crash ospfd on a target system. (CVE-2011-3326)\n\nAn assertion failure was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncause ospfd on an adjacent router to abort. (CVE-2012-0249)\n\nA buffer overflow flaw was found in the way the ospfd daemon processed\ncertain Link State Update packets. An OSPF router could use this flaw to\ncrash ospfd on an adjacent router. (CVE-2012-0250)\n\nTwo flaws were found in the way the bgpd daemon processed certain BGP OPEN\nmessages. 
A configured BGP peer could cause bgpd on a target system to\nabort via a specially-crafted BGP OPEN message. (CVE-2012-0255,\nCVE-2012-1820)\n\nRed Hat would like to thank CERT-FI for reporting CVE-2011-3327,\nCVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the\nCERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and\nCVE-2012-1820. CERT-FI acknowledges Riku Hietam\u00e4ki, Tuomo Untinen and Jukka\nTaimisto of the Codenomicon CROSS project as the original reporters of\nCVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and\nCVE-2011-3326. The CERT/CC acknowledges Martin Winter at\nOpenSourceRouting.org as the original reporter of CVE-2012-0249,\nCVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original\nreporter of CVE-2012-1820. \n\nUsers of quagga should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the bgpd, ospfd, and ospf6d daemons will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-contrib-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0255.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g\nP4VSjxs4xRnVCtT/IOkBkKQ=\n=VtuC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce", "sources": [ { "db": "NVD", "id": "CVE-2011-3323" }, { "db": "CERT/CC", "id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "db": "BID", "id": "49784" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3323", "trust": 3.2 }, { "db": "CERT/CC", "id": "VU#668534", 
"trust": 2.9 }, { "db": "SECUNIA", "id": "46139", "trust": 1.6 }, { "db": "SECUNIA", "id": "48106", "trust": 1.0 }, { "db": "SECUNIA", "id": "46274", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002368", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201109-583", "trust": 0.6 }, { "db": "BID", "id": "49784", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "110033", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105571", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116469", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-583" }, { "db": "NVD", "id": "CVE-2011-3323" } ] }, "id": "VAR-201110-0450", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.25897437 }, "last_update_date": "2024-07-23T19:28:46.203000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.quagga.net/" }, { "title": "ospf6d: CVE-2011-3323", "trust": 0.8, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=abc7ef44ca05493500865ce81f7b84f5c4eb6594" }, { "title": "quagga-0.99.19.changelog", "trust": 0.8, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "title": "RHSA-2012:1259", "trust": 
0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "title": "Multiple Denial of Service vulnerabilities in Quagga", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities5" }, { "title": "\u507d\u88c5\u3055\u308c\u305fOSPF\uff08v2,v3\uff09\u30d1\u30b1\u30c3\u30c8\u306b\u5bfe\u3059\u308b\u53d7\u4fe1\u51e6\u7406\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01141.html" }, { "title": "quagga-0.99.19", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40714" }, { "title": "quagga-master-513254", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40715" }, { "title": "quagga.git-94431dbc753171b48b5c6806af97fd690813b00a", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40713" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "db": "CNNVD", "id": "CNNVD-201109-583" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "db": "NVD", "id": "CVE-2011-3323" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "trust": 2.1, "url": "http://www.kb.cert.org/vuls/id/668534" }, { "trust": 1.6, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "trust": 1.6, "url": "http://secunia.com/advisories/46139" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "trust": 1.4, "url": 
"http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "trust": 1.0, "url": "http://code.quagga.net/?p=quagga.git%3ba=commit%3bh=abc7ef44ca05493500865ce81f7b84f5c4eb6594" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46274" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48106" }, { "trust": 1.0, "url": "http://www.debian.org/security/2011/dsa-2316" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-3327" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3323" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu668534" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3323" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.3, "url": "http://www.quagga.net/news2.php?y=2011\u0026m=9\u0026d=26#id1285509600" }, { "trust": 0.3, "url": "http://www.quagga.net/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.2, "url": 
"https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { "trust": 0.2, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327" }, { "trust": 0.1, "url": 
"http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-4ubuntu1.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.15-1ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.18-2ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-1ubuntu0.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1261-1" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1674.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0255.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0255" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1820.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1820" } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-583" }, { "db": "NVD", "id": "CVE-2011-3323" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": 
"CERT/CC", "id": "VU#668534" }, { "db": "BID", "id": "49784" }, { "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-583" }, { "db": "NVD", "id": "CVE-2011-3323" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-26T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2011-09-26T00:00:00", "db": "BID", "id": "49784" }, { "date": "2011-10-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "date": "2012-02-22T02:10:03", "db": "PACKETSTORM", "id": "110033" }, { "date": "2011-11-15T15:35:22", "db": "PACKETSTORM", "id": "107001" }, { "date": "2011-10-05T23:00:08", "db": "PACKETSTORM", "id": "105571" }, { "date": "2012-09-12T23:06:05", "db": "PACKETSTORM", "id": "116468" }, { "date": "2012-09-12T23:06:22", "db": "PACKETSTORM", "id": "116469" }, { "date": "2011-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-583" }, { "date": "2011-10-10T10:55:06.270000", "db": "NVD", "id": "CVE-2011-3323" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-06T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2015-04-13T21:15:00", "db": "BID", "id": "49784" }, { "date": "2012-11-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002368" }, { "date": "2011-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-583" }, { "date": "2023-11-07T02:08:28.920000", "db": "NVD", "id": "CVE-2011-3323" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "CNNVD", "id": "CNNVD-201109-583" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple Quagga remote component vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#668534" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201109-583" } ], "trust": 0.6 } }
var-201110-0442
Vulnerability from variot
ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets.

Gentoo Linux Security Advisory GLSA 201202-02
http://security.gentoo.org/
Severity: High
Title: Quagga: Multiple vulnerabilities
Date: February 21, 2012
Bugs: #334303, #359903, #384651
ID: 201202-02
Synopsis
Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Quagga users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.20"
References
[ 1 ] CVE-2010-1674 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1674
[ 2 ] CVE-2010-1675 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1675
[ 3 ] CVE-2010-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2948
[ 4 ] CVE-2010-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2949
[ 5 ] CVE-2011-3323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323
[ 6 ] CVE-2011-3324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324
[ 7 ] CVE-2011-3325 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325
[ 8 ] CVE-2011-3326 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326
[ 9 ] CVE-2011-3327 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5

==========================================================================
Ubuntu Security Notice USN-1261-1
November 14, 2011
quagga vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash or run programs if it received specially crafted network traffic. (CVE-2011-3323)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. (CVE-2011-3324)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. (CVE-2011-3325)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. (CVE-2011-3327)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: quagga 0.99.18-2ubuntu0.1
Ubuntu 11.04: quagga 0.99.17-4ubuntu1.1
Ubuntu 10.10: quagga 0.99.17-1ubuntu0.2
Ubuntu 10.04 LTS: quagga 0.99.15-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
TITLE: SUSE update for quagga
SECUNIA ADVISORY ID: SA46214
VERIFY ADVISORY: http://secunia.com/advisories/46214/
RELEASE DATE: 2011-09-29
DESCRIPTION: SUSE has issued an update for quagga.
ORIGINAL ADVISORY: SUSE-SU-2011:1075-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
openSUSE-SU-2011:1155-1: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement.
CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet.
CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga.
The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF.
For the oldstable distribution (lenny), these problems have been fixed in version 0.99.10-1lenny6.
For the stable distribution (squeeze), these problems have been fixed in version 0.99.17-2+squeeze3.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 0.99.19-1.
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
- Summary:
Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message
802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet
802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures
817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)
- Package List:
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64: quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm quagga-devel-0.99.15-7.el6_3.2.ppc.rpm quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x: quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm quagga-devel-0.99.15-7.el6_3.2.s390.rpm quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386: quagga-contrib-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64: quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm quagga-devel-0.99.15-7.el6_3.2.i686.rpm quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
Bugs fixed (http://bugzilla.redhat.com/):\n\n738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA\n738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers\n738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type\n738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type\n738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes\n802781 - CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message\n802827 - CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet\n802829 - CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures\n817580 - CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)\n\n6. Package List:\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nppc64:\nquagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc.rpm\nquagga-devel-0.99.15-7.el6_3.2.ppc64.rpm\n\ns390x:\nquagga-contrib-0.99.15-7.el6_3.2.s390x.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390.rpm\nquagga-devel-0.99.15-7.el6_3.2.s390x.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm\n\ni386:\nquagga-contrib-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\n\nx86_64:\nquagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm\nquagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm\nquagga-devel-0.99.15-7.el6_3.2.i686.rpm\nquagga-devel-0.99.15-7.el6_3.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3323.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3324.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3325.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3326.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3327.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0249.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0250.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0255.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-1820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g\nP4VSjxs4xRnVCtT/IOkBkKQ=\n=VtuC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce", "sources": [ { "db": "NVD", "id": "CVE-2011-3325" }, { "db": "CERT/CC", "id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002370" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#668534", "trust": 3.2 }, { "db": "NVD", "id": 
"CVE-2011-3325", "trust": 2.9 }, { "db": "SECUNIA", "id": "46139", "trust": 1.6 }, { "db": "SECUNIA", "id": "48106", "trust": 1.0 }, { "db": "SECUNIA", "id": "46274", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002370", "trust": 0.8 }, { "db": "SECUNIA", "id": "46214", "trust": 0.7 }, { "db": "SECUNIA", "id": "46244", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-2316", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201109-585", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "110033", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "107001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106488", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105571", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116469", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002370" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-585" }, { "db": "NVD", "id": "CVE-2011-3325" } ] }, "id": "VAR-201110-0442", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.25897437 }, "last_update_date": "2024-07-23T20:10:49.650000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.quagga.net" }, { "title": "ospfd: CVE-2011-3325 part 1", "trust": 0.8, "url": 
"http://code.quagga.net/?p=quagga.git;a=commit;h=61ab0301606053192f45c188bc48afc837518770" }, { "title": "ospfd: CVE-2011-3325 part 2", "trust": 0.8, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=717750433839762d23a5f8d88fe0b4d57c8d490a" }, { "title": "quagga-0.99.19.changelog", "trust": 0.8, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "title": "RHSA-2012:1259", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "title": "Multiple Denial of Service vulnerabilities in Quagga", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities5" }, { "title": "\u507d\u88c5\u3055\u308c\u305fOSPF\uff08v2,v3\uff09\u30d1\u30b1\u30c3\u30c8\u306b\u5bfe\u3059\u308b\u53d7\u4fe1\u51e6\u7406\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01141.html" }, { "title": "quagga-0.99.19", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40714" }, { "title": "quagga-master-513254", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40715" }, { "title": "quagga.git-94431dbc753171b48b5c6806af97fd690813b00a", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=40713" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002370" }, { "db": "CNNVD", "id": "CNNVD-201109-585" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002370" }, { "db": "NVD", "id": "CVE-2011-3325" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": 
"https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "trust": 2.4, "url": "http://www.kb.cert.org/vuls/id/668534" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738396" }, { "trust": 1.6, "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "trust": 1.6, "url": "http://www.debian.org/security/2011/dsa-2316" }, { "trust": 1.6, "url": "http://secunia.com/advisories/46139" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-1258.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-1259.html" }, { "trust": 1.0, "url": "http://code.quagga.net/?p=quagga.git%3ba=commit%3bh=61ab0301606053192f45c188bc48afc837518770" }, { "trust": 1.0, "url": "http://code.quagga.net/?p=quagga.git%3ba=commit%3bh=717750433839762d23a5f8d88fe0b4d57c8d490a" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46274" }, { "trust": 1.0, "url": "http://secunia.com/advisories/48106" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-3327" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3325" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu668534" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3325" }, { "trust": 0.6, "url": 
"http://code.quagga.net/?p=quagga.git;a=commit;h=717750433839762d23a5f8d88fe0b4d57c8d490a" }, { "trust": 0.6, "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=61ab0301606053192f45c188bc48afc837518770" }, { "trust": 0.6, "url": "http://secunia.com/advisories/46214" }, { "trust": 0.6, "url": "http://secunia.com/advisories/46244" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3323" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3326" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3325" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3324" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3327" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1674" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3323.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0250" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3325.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3324.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0249" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0249.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0250.html" }, { "trust": 0.2, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3326.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3327.html" }, { "trust": 0.2, "url": 
"http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1674" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2949" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3325" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3324" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1675" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2948" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3326" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3327" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3323" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2949" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1675" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-4ubuntu1.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.15-1ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.18-2ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/quagga/0.99.17-1ubuntu0.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1261-1" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46214/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46214" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46214/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-1674.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0255.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0255" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1820.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1820" } ], "sources": [ { "db": "CERT/CC", 
"id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002370" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-585" }, { "db": "NVD", "id": "CVE-2011-3325" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#668534" }, { "db": "JVNDB", "id": "JVNDB-2011-002370" }, { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "PACKETSTORM", "id": "106488" }, { "db": "PACKETSTORM", "id": "105571" }, { "db": "PACKETSTORM", "id": "116468" }, { "db": "PACKETSTORM", "id": "116469" }, { "db": "CNNVD", "id": "CNNVD-201109-585" }, { "db": "NVD", "id": "CVE-2011-3325" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-26T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2011-10-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002370" }, { "date": "2012-02-22T02:10:03", "db": "PACKETSTORM", "id": "110033" }, { "date": "2011-11-15T15:35:22", "db": "PACKETSTORM", "id": "107001" }, { "date": "2011-11-01T04:06:08", "db": "PACKETSTORM", "id": "106488" }, { "date": "2011-10-05T23:00:08", "db": "PACKETSTORM", "id": "105571" }, { "date": "2012-09-12T23:06:05", "db": "PACKETSTORM", "id": "116468" }, { "date": "2012-09-12T23:06:22", "db": "PACKETSTORM", "id": "116469" }, { "date": "2011-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-585" }, { "date": "2011-10-10T10:55:06.503000", "db": "NVD", "id": "CVE-2011-3325" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2011-10-06T00:00:00", "db": "CERT/CC", "id": "VU#668534" }, { "date": "2012-11-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002370" }, { "date": "2011-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201109-585" }, { "date": "2023-11-07T02:08:29.093000", "db": "NVD", "id": "CVE-2011-3325" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110033" }, { "db": "PACKETSTORM", "id": "107001" }, { "db": "CNNVD", "id": "CNNVD-201109-585" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple Quagga remote component vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#668534" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201109-585" } ], "trust": 0.6 } }
Vulnerability from fkie_nvd
Vendor | Product | Version
---|---|---
quagga | quagga | *
quagga | quagga | 0.95
quagga | quagga | 0.96
quagga | quagga | 0.96.1
quagga | quagga | 0.96.2
quagga | quagga | 0.96.3
quagga | quagga | 0.96.4
quagga | quagga | 0.96.5
quagga | quagga | 0.97.0
quagga | quagga | 0.97.1
quagga | quagga | 0.97.2
quagga | quagga | 0.97.3
quagga | quagga | 0.97.4
quagga | quagga | 0.97.5
quagga | quagga | 0.98.0
quagga | quagga | 0.98.1
quagga | quagga | 0.98.2
quagga | quagga | 0.98.3
quagga | quagga | 0.98.4
quagga | quagga | 0.98.5
quagga | quagga | 0.98.6
quagga | quagga | 0.99.1
quagga | quagga | 0.99.2
quagga | quagga | 0.99.3
quagga | quagga | 0.99.4
quagga | quagga | 0.99.5
quagga | quagga | 0.99.6
quagga | quagga | 0.99.7
quagga | quagga | 0.99.8
quagga | quagga | 0.99.9
quagga | quagga | 0.99.10
quagga | quagga | 0.99.11
quagga | quagga | 0.99.12
quagga | quagga | 0.99.13
quagga | quagga | 0.99.14
quagga | quagga | 0.99.15
quagga | quagga | 0.99.16
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC571045-E383-4B76-B026-629CFDA1E93F", "versionEndIncluding": "0.99.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute." }, { "lang": "es", "value": "bgpd de Quagga en versiones anteriores a la 0.99.18 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de la sesi\u00f3n) a tra\u00e9s de un atributo de ruta AS_PATHLIMIT mal formado." 
} ], "id": "CVE-2010-1675", "lastModified": "2024-11-21T01:14:58.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-03-29T18:55:01.333", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43499" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43770" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48106" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2197" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/71258" }, { "source": "cve@mitre.org", "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46943" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654614" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/71258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654614" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66212" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
debian | debian_linux | 8.0 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "B646D43D-A1C2-441B-90CE-2929F7BB072A", "versionEndIncluding": "1.0.20160315", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent." }, { "lang": "es", "value": "Se descubri\u00f3 que el demonio zebra en Quagga en versiones anteriores a 1.0.20161017 sufri\u00f3 un desbordamiento de b\u00fafer basado en pila al procesar mensajes de Neighbor Discovery de IPv6. La causa ra\u00edz radicaba en BUFSIZ para ser compatible con un tama\u00f1o de mensaje; sin embargo, BUFSIZ depende del sistema." 
} ], "id": "CVE-2016-1245", "lastModified": "2024-11-21T02:46:01.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-22T23:59:00.143", "references": [ { "source": "security@debian.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Mitigation", "Third Party Advisory" ], "url": "http://www.gossamer-threads.com/lists/quagga/users/31952" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93775" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386109" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546" }, { "source": "security@debian.org", "url": 
"https://security.gentoo.org/glsa/201701-48" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2016/dsa-3695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Mitigation", "Third Party Advisory" ], "url": "http://www.gossamer-threads.com/lists/quagga/users/31952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2016/dsa-3695" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
quagga | quagga | 0.99.17 | |
quagga | quagga | 0.99.18 | |
quagga | quagga | 0.99.19 | |
quagga | quagga | 0.99.20 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "531EE994-CDC0-40E9-8B3C-1C11EC5CAB14", "versionEndIncluding": "0.99.20.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "1FF1EAD6-1BAF-4D5E-BEB1-BC433041482D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*", "matchCriteriaId": "B344123D-1D1D-41B0-BEF5-D3A5A4995B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*", "matchCriteriaId": "809D464E-8F60-44E3-8BEB-97760500B508", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.20:*:*:*:*:*:*:*", "matchCriteriaId": "01FB6EAC-E9B7-49C6-9F78-10E2EA1BB8F6", "vulnerable": true } 
], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message." }, { "lang": "es", "value": "La funci\u00f3n bgp_capability_orf de bgpd de Quagga 0.99.20.1 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y finalizaci\u00f3n del demonio) bas\u00e1ndose en una relaci\u00f3n \"BGP peering\" y enviando informaci\u00f3n mal formada de \"Outbound Route Filtering (ORF) capability TLV\" en un mensaje OPEN." } ], "id": "CVE-2012-1820", "lastModified": "2024-11-21T01:37:50.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-13T15:55:01.057", "references": [ { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/50941" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2012/dsa-2497" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/962587" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/53775" }, { "source": "cret@cert.org", "url": 
"http://www.ubuntu.com/usn/USN-1605-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/962587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1605-1" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
quagga | quagga | 0.99.17 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDFDF175-4863-4A33-88CA-3539A3D2B936", "versionEndIncluding": "0.99.18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "1FF1EAD6-1BAF-4D5E-BEB1-BC433041482D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message." 
}, { "lang": "es", "value": "La funci\u00f3n ospf6_lsa_is_changed en ospf6_lsa.c en la ejecuci\u00f3n de OSPFv3 en ospf6d en Quagga anteriores a v0.99.19 permite a atacantes remotos causar una denegaci\u00f3n de servicio (error de aserci\u00f3n y ca\u00edda del demonio) a trav\u00e9s de la inclusi\u00f3n de valores cero en la cabecera de la lista del Link State Advertisement (LSA) de una descripci\u00f3n de mensaje de base de datos." } ], "id": "CVE-2011-3324", "lastModified": "2024-11-21T01:30:15.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-10T10:55:06.410", "references": [ { "source": "cret@cert.org", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=09395e2a0e93b2cf4258cb1de91887948796bb68" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/46139" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/46274" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/48106" }, { "source": "cret@cert.org", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "cret@cert.org", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "cret@cert.org", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=09395e2a0e93b2cf4258cb1de91887948796bb68" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48106" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "D59677D2-23AB-4348-9771-CED9095AE5FB", "versionEndIncluding": "0.99.22.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.22:*:*:*:*:*:*:*", "matchCriteriaId": "464BF83D-2843-40CC-86FE-AC5ED6FC62E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA." }, { "lang": "es", "value": "Desbordamiento de pila en la funci\u00f3n new_msg_lsa_change_notify en OSPFD API (ospf_api.c) anterior a 0.99.222, cuando las opciones de l\u00ednea de comandos --enable-opaque-lsa y -a son utilizadas, permite a atacantes rmeotos causar una denegaci\u00f3n de servicio (crash) a trav\u00e9s de un LSA grande." 
} ], "id": "CVE-2013-2236", "lastModified": "2024-11-21T01:51:18.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-24T03:48:46.457", "references": [ { "source": "secalert@redhat.com", "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88" }, { "source": "secalert@redhat.com", "url": "http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html" }, { "source": "secalert@redhat.com", "url": "http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/24" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2803" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/60955" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2941-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/60955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2941-1" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:-:*:*:*:*:*:*:*", "matchCriteriaId": "C94C24FF-068A-4944-863B-9E936DD6DE32", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet." }, { "lang": "es", "value": "La funci\u00f3n bgp_dump_routes_func en bgpd/bgp_dump.c en Quagga no lleva a cabo comprobaciones de tama\u00f1o cuando hay datos de env\u00edo, lo que podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y ca\u00edda de demonio) a trav\u00e9s de un paquete grande BGP." 
} ], "id": "CVE-2016-4049", "lastModified": "2024-11-21T02:51:14.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-05-23T19:59:07.947", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3654" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/04/27/7" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/88561" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035699" }, { "source": "cve@mitre.org", "url": "https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html" }, { "source": "cve@mitre.org", "url": "https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html" }, { "source": "cve@mitre.org", "url": 
"https://security.gentoo.org/glsa/201701-48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/04/27/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/88561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-48" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | 0.99.21 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
redhat | enterprise_linux | 5.0 | |
redhat | enterprise_linux | 6.0 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:0.99.21:*:*:*:*:*:*:*", "matchCriteriaId": "4739E6D9-4F17-4CDA-8320-9832D65D94A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal" }, { "lang": "es", "value": "quagga (ospf6d) versi\u00f3n 0.99.21, presenta un fallo de tipo DoS en la manera en que el demonio ospf6d realiza la eliminaci\u00f3n de rutas." 
} ], "id": "CVE-2012-5521", "lastModified": "2024-11-21T01:44:48.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-25T14:15:11.147", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/13/14" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56530" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2012-5521" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5521" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5521" }, { "source": "secalert@redhat.com", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80096" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/13/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/56530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2012-5521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5521" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "C10E443E-A9B8-4E33-B17A-FD6172C98023", "versionEndIncluding": "0.99.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n bgp_route_refresh_receive en bgp_packet.c en bgpd en Quagga anterior a v0.99.17, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) o posiblemente ejecutar c\u00f3digo a trav\u00e9s de un registro Outbound Route Filtering (ORF) formado de forma err\u00f3nea en un mensaje BGP ROUTE-REFRESH (RR)." } ], "id": "CVE-2010-2948", "lastModified": "2024-11-21T01:17:42.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-09-10T19:00:02.533", "references": [ { "source": "secalert@redhat.com", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41038" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41238" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42397" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42446" }, { "source": "secalert@redhat.com", 
"tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42498" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48106" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2104" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "source": "secalert@redhat.com", "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/42635" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1027-1" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3124" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/42635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1027-1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626783" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
quagga | quagga | 0.99.17 | |
quagga | quagga | 0.99.18 | |
quagga | quagga | 0.99.19 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5654C0F-5D45-410A-91FA-96C6AE22280E", "versionEndIncluding": "0.99.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "1FF1EAD6-1BAF-4D5E-BEB1-BC433041482D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*", "matchCriteriaId": "B344123D-1D1D-41B0-BEF5-D3A5A4995B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*", "matchCriteriaId": "809D464E-8F60-44E3-8BEB-97760500B508", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The BGP implementation in bgpd in Quagga 
before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability)." }, { "lang": "es", "value": "La implementaci\u00f3n de BGP en bgpd en Quagga antes v0.99.20.1 no utiliza adecuadamente los b\u00faferes de mensajes para los mensajes marcados como OPEN, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de aserci\u00f3n y salida del demonio) a trav\u00e9s de un mensaje asociado con un ASN de cuatro octetos mal formado(tambi\u00e9n conocido como funcionalidad AS4)." } ], "id": "CVE-2012-0255", "lastModified": "2024-11-21T01:34:40.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-04-05T13:25:30.617", "references": [ { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/48949" }, { "source": "cret@cert.org", "url": 
"http://www.debian.org/security/2012/dsa-2459" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/551715" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
quagga | quagga | 0.99.17 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDFDF175-4863-4A33-88CA-3539A3D2B936", "versionEndIncluding": "0.99.18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "1FF1EAD6-1BAF-4D5E-BEB1-BC433041482D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message." 
}, { "lang": "es", "value": "La funci\u00f3n ospf_flood en ospf_flood.c en ospfd en Quagga anterior a v0.99.19 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un Link State Advertisement (LSA) inv\u00e1lido en un mensaje IPv4 Link State Update." } ], "id": "CVE-2011-3326", "lastModified": "2024-11-21T01:30:16.313", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-10T10:55:06.613", "references": [ { "source": "cret@cert.org", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=6b161fc12a15aba8824c84d1eb38e529aaf70769" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46139" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/46274" }, { "source": 
"cret@cert.org", "url": "http://secunia.com/advisories/48106" }, { "source": "cret@cert.org", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "cret@cert.org", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "cret@cert.org", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=6b161fc12a15aba8824c84d1eb38e529aaf70769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1191890 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://github.com/Quagga/quagga/releases | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1191890 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Quagga/quagga/releases | Release Notes, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "598989B0-C6AA-417D-A378-D3A0353E7CB8", "versionEndIncluding": "1.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update." }, { "lang": "es", "value": "Se ha detectado un problema en Quagga versiones hasta 1.2.4. Unas operaciones no seguras de chown/chmod en el archivo de especificaciones sugerido permiten a usuarios (con control del directorio /etc/quagga, que no es propiedad de root) escalar sus privilegios a root al instalar o actualizar el paquete" } ], "id": "CVE-2021-44038", "lastModified": "2024-11-21T06:30:16.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-19T19:15:09.287", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1191890" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/Quagga/quagga/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1191890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/Quagga/quagga/releases" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0ADB352-4A60-4B8E-A231-7498E0EE1A0B", "versionEndIncluding": "0.99.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error." }, { "lang": "es", "value": "El demonio BGP (bgpd) in Quagga v0.99.11 y anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una ruta AS que contiene elementos ASN cuya representaci\u00f3n de cadena es mayor que la esperada, lo que provoca un error de aserci\u00f3n." 
} ], "id": "CVE-2009-1572", "lastModified": "2024-11-21T01:02:48.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-05-06T17:30:00.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://marc.info/?l=quagga-dev\u0026m=123364779626078\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34999" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35061" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35203" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35685" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://thread.gmane.org/gmane.network.quagga.devel/6513" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2009/dsa-1788" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:109" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/05/01/1" }, { "source": "cve@mitre.org", "url": 
"http://www.openwall.com/lists/oss-security/2009/05/01/2" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/54200" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34817" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022164" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-775-1" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50317" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://marc.info/?l=quagga-dev\u0026m=123364779626078\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://thread.gmane.org/gmane.network.quagga.devel/6513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2009/dsa-1788" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/05/01/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/05/01/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/54200" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-775-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of zebra as shipped with Red Hat Enterprise Linux 2.1, and the versions of quagga as shipped with Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2009-05-18T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
siemens | ruggedcom_rox_ii_firmware | * | |
siemens | ruggedcom_rox_ii | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "5117934B-9B41-4ECF-807D-252F6CA1CF97", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBDC4817-0B21-45A9-A384-AECE46E2EBC2", "versionEndExcluding": "2.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EA04F52-40D0-4A4B-9767-265A26EFD98D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, 
based on input." }, { "lang": "es", "value": "El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, puede saturar las tablas internas de conversi\u00f3n de c\u00f3digo a cadena de BGP empleadas para depurar por un valor de puntero 1, bas\u00e1ndose en las entradas." } ], "id": "CVE-2018-5380", "lastModified": "2024-11-21T04:08:42.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cret@cert.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-19T13:29:00.473", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": 
"http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4115" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "cret@cert.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version
---|---|---
quagga | quagga | *
quagga | quagga | 0.95
quagga | quagga | 0.96
quagga | quagga | 0.96.1
quagga | quagga | 0.96.2
quagga | quagga | 0.96.3
quagga | quagga | 0.96.4
quagga | quagga | 0.96.5
quagga | quagga | 0.97.0
quagga | quagga | 0.97.1
quagga | quagga | 0.97.2
quagga | quagga | 0.97.3
quagga | quagga | 0.97.4
quagga | quagga | 0.97.5
quagga | quagga | 0.98.0
quagga | quagga | 0.98.1
quagga | quagga | 0.98.2
quagga | quagga | 0.98.3
quagga | quagga | 0.98.4
quagga | quagga | 0.98.5
quagga | quagga | 0.98.6
quagga | quagga | 0.99.1
quagga | quagga | 0.99.2
quagga | quagga | 0.99.3
quagga | quagga | 0.99.4
quagga | quagga | 0.99.5
quagga | quagga | 0.99.6
quagga | quagga | 0.99.7
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3D7AC38-EF8D-474D-9EA1-30B9E58BD744", "versionEndIncluding": "0.99.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled." }, { "lang": "es", "value": "bgpd en Quagga versiones anteriores a 0.99.9, permite que los peers BGP configurados expl\u00edcitamente causen una denegaci\u00f3n de servicio (bloqueo) por medio de (1) mensaje OPEN malformado o (2) un atributo COMMUNITY malformado, que desencadena una desreferencia del puntero NULL. NOTA: el vector 2 solo existe cuando la depuraci\u00f3n est\u00e1 habilitada." } ], "id": "CVE-2007-4826", "lastModified": "2024-11-21T00:36:32.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-12T10:17:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml" }, { "source": "secalert@redhat.com", "url": "http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://quagga.net/news2.php?y=2007\u0026m=9\u0026d=7#id1189190760" }, { "source": 
"secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26744" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26829" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26863" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27049" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29743" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1382" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:182" }, { "source": "secalert@redhat.com", "url": "http://www.quagga.net/download/quagga-0.99.9.changelog.txt" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25634" }, { "source": "secalert@redhat.com", "url": "http://www.trustix.org/errata/2007/0028/" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-512-1" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3129" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://quagga.net/news2.php?y=2007\u0026m=9\u0026d=7#id1189190760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/download/quagga-0.99.9.changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2007/0028/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-512-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/3129" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36551" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=285691\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2007-09-18T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version
---|---|---
quagga | quagga | *
debian | debian_linux | 7.0
debian | debian_linux | 8.0
debian | debian_linux | 9.0
canonical | ubuntu_linux | 14.04
canonical | ubuntu_linux | 16.04
canonical | ubuntu_linux | 17.10
redhat | enterprise_linux_server | 7.0
redhat | enterprise_linux_server_aus | 7.4
redhat | enterprise_linux_server_aus | 7.6
redhat | enterprise_linux_server_eus | 7.4
redhat | enterprise_linux_server_eus | 7.5
redhat | enterprise_linux_server_eus | 7.6
redhat | enterprise_linux_server_tus | 7.4
redhat | enterprise_linux_server_tus | 7.6
redhat | enterprise_linux_workstation | 7.0
siemens | ruggedcom_rox_ii_firmware | *
siemens | ruggedcom_rox_ii | -
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "5117934B-9B41-4ECF-807D-252F6CA1CF97", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBDC4817-0B21-45A9-A384-AECE46E2EBC2", "versionEndExcluding": "2.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EA04F52-40D0-4A4B-9767-265A26EFD98D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code." }, { "lang": "es", "value": "El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, puede realizar una doble liberaci\u00f3n (double free) de memoria al procesar ciertos formularios de un mensaje UPDATE que contienen atributos cluster-list y/o desconocidos. 
Un ataque con \u00e9xito podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o permitir que un atacante ejecute c\u00f3digo arbitrario." } ], "id": "CVE-2018-5379", "lastModified": "2024-11-21T04:08:41.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "cret@cert.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-19T13:29:00.413", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US 
Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103105" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0377" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" 
], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4115" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "cret@cert.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version
---|---|---
quagga | quagga | 0.99.24
debian | debian_linux | 7.0
debian | debian_linux | 8.0
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:0.99.24:*:*:*:*:*:*:*", "matchCriteriaId": "21E4969E-2647-4F88-8621-5E260E1A77A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet." }, { "lang": "es", "value": "La funci\u00f3n bgp_nlri_parse_vpnv4 en bgp_mplsvpn.c en el int\u00e9rprete VPNv4 NLRI en bgpd en Quagga en versiones anteriores a 1.0.20160309, cuando se utiliza una determinada configuraci\u00f3n VPNv4, conf\u00eda en un campo de longitud de datos de rutas Labeled-VPN SAFI durante un copiado de datos, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en pila) a trav\u00e9s de un paquete manipulado." 
} ], "id": "CVE-2016-2342", "lastModified": "2024-11-21T02:48:15.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-17T14:59:01.357", "references": [ { "source": "cret@cert.org", "url": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html" }, { "source": "cret@cert.org", "url": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2016/dsa-3532" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/270232" }, { "source": "cret@cert.org", 
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/84318" }, { "source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/USN-2941-1" }, { "source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201610-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/270232" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/84318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2941-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201610-03" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
Vendor | Product | Version
---|---|---
quagga | quagga | *
debian | debian_linux | 8.0
debian | debian_linux | 9.0
canonical | ubuntu_linux | 14.04
canonical | ubuntu_linux | 16.04
canonical | ubuntu_linux | 17.10
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "5117934B-9B41-4ECF-807D-252F6CA1CF97", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash." }, { "lang": "es", "value": "El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, no comprueba correctamente los l\u00edmites de los datos enviados mediante NOTIFY a un peer, si una longitud de atributo es inv\u00e1lida. Los datos arbitrarios del proceso bgpd podr\u00edan enviarse a trav\u00e9s de la red a un peer y/o bgpd podr\u00eda cerrarse inesperadamente." 
} ], "id": "CVE-2018-5378", "lastModified": "2024-11-21T04:08:41.850", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "cret@cert.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-19T13:29:00.317", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": 
"https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4115" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "cret@cert.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
siemens | ruggedcom_rox_ii_firmware | * | |
siemens | ruggedcom_rox_ii | - | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "5117934B-9B41-4ECF-807D-252F6CA1CF97", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBDC4817-0B21-45A9-A384-AECE46E2EBC2", "versionEndExcluding": "2.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EA04F52-40D0-4A4B-9767-265A26EFD98D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of \"Capabilities\" in BGP OPEN messages, in the 
bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service." }, { "lang": "es", "value": "El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, tiene un error en su an\u00e1lisis de \"Capabilities\" en los mensajes BGP OPEN, en la funci\u00f3n bgp_packet.c:bgp_capability_msg_parse. El analizador puede entrar en un bucle infinito o invalidar capacidades si una capacidad Multi-Protocol no tiene un AFI/SAFI reconocido, lo que provocar\u00eda una denegaci\u00f3n de servicio (DoS)." } ], "id": "CVE-2018-5381", "lastModified": "2024-11-21T04:08:42.307", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cret@cert.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": 
"NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-19T13:29:00.583", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "source": "cret@cert.org", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt" }, { "source": "cret@cert.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "source": "cret@cert.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4115" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-228" } ], "source": "cret@cert.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface." } ], "id": "CVE-2006-2276", "lastModified": "2024-11-21T00:10:57.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-10T02:14:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20116" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20137" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20138" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20221" }, { 
"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20420" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20421" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20782" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016204" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1059" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.osvdb.org/25245" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=4#id1146764580" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17979" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10651" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/284-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20138" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.osvdb.org/25245" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=4#id1146764580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17979" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/284-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
quagga | quagga | 0.99.17 | |
quagga | quagga | 0.99.18 | |
quagga | quagga | 0.99.19 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5654C0F-5D45-410A-91FA-96C6AE22280E", "versionEndIncluding": "0.99.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "1FF1EAD6-1BAF-4D5E-BEB1-BC433041482D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*", "matchCriteriaId": "B344123D-1D1D-41B0-BEF5-D3A5A4995B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*", "matchCriteriaId": "809D464E-8F60-44E3-8BEB-97760500B508", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la implementaci\u00f3n de OSPFv2 en ospfd en Quagga antes de v0.99.20.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un paquete de actualizaci\u00f3n de estado de enlace (tambi\u00e9n conocido como LS Update) que contiene una anuncio de estado de enlace de una red LSA de longitud es menor que el valor en el campo longitud de la cabecera." 
} ], "id": "CVE-2012-0250", "lastModified": "2024-11-21T01:34:39.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-04-05T13:25:30.583", "references": [ { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/48949" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2012/dsa-2459" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/551715" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A77B501-67FE-43AE-9A3B-53B9DF5865C9", "versionEndIncluding": "1.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message." }, { "lang": "es", "value": "La funci\u00f3n aspath_put en bgpd/bgp_aspath.c en Quagga en versiones anteriores a la 1.2.2 permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio (ca\u00edda de sesi\u00f3n) mediante mensajes BGP Update, ya que el c\u00e1lculo del tama\u00f1o de AS_PATH cuanta una serie de bytes dos veces y en consecuencia construye un menaje no v\u00e1lido." 
} ], "id": "CVE-2017-16227", "lastModified": "2024-11-21T03:16:04.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-29T20:29:00.207", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-4011" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.debian.org/879474" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": 
"https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-4011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.debian.org/879474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "C10E443E-A9B8-4E33-B17A-FD6172C98023", "versionEndIncluding": "0.99.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message." }, { "lang": "es", "value": "bgpd en Quagga anteriores a v0.99.17 no realiza el an\u00e1lisis sint\u00e1ctico las rutas AS, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia de puntero NULL y ca\u00edda del demonio) a trav\u00e9s de un tipo AS desconocido en un atributo AS en un mensaje BGP UPDATE. 
\r\n" } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2010-2949", "lastModified": "2024-11-21T01:17:43.037", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-09-10T19:00:02.597", "references": [ { "source": "secalert@redhat.com", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=cddb8112b80fa9867156c637d63e6e79eeac67bb" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41038" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41238" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42397" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42446" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42498" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48106" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": 
"secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2104" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "source": "secalert@redhat.com", "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/42642" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1027-1" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3124" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=cddb8112b80fa9867156c637d63e6e79eeac67bb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41238" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/42642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1027-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3124" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626795" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=106883387304266&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/10563 | Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2004/dsa-415 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-305.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2003-307.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=106883387304266&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/10563 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-415 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-305.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2003-307.html | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:*", "matchCriteriaId": "B4422632-71AE-4E7F-8684-EC63F9B05F50", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:*", "matchCriteriaId": "06039EBD-0C90-42C9-B182-9A59A7A3075A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:*", "matchCriteriaId": "01D1D224-8BD6-46AD-AA75-5457A2E007A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:*", "matchCriteriaId": "FDEEAC68-6442-4E82-B072-491ED94EE6D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "1115C0CE-AA9B-4B11-A2D5-6F5F5ED043E1", "versionEndIncluding": "0.96.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8AB7B969-1093-46A9-AA8D-0C28F138C4D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, 
which may trigger a null dereference." }, { "lang": "es", "value": "La capa vty en Quagga anteriores a 0.96.4, y Zebra anteriores a 0.91, no verifica si se est\u00e1 llevando a cabo una sub-negociaci\u00f3n cuando procesa el marcador SE, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un comando telnet malformado al puerto telnet CLI, lo que puede disparar una desreferencia de memoria nula." } ], "id": "CVE-2003-0795", "lastModified": "2024-11-20T23:45:32.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-12-15T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=106883387304266\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/10563" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-415" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-305.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-307.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=106883387304266\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/10563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-305.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-307.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
quagga | quagga | 0.99.17 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDFDF175-4863-4A33-88CA-3539A3D2B936", "versionEndIncluding": "0.99.18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "1FF1EAD6-1BAF-4D5E-BEB1-BC433041482D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet." 
}, { "lang": "es", "value": "ospf_packet.c en ospfd en Quagga anterior a v0.99.19 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s (1) un tipo de campo 0x0a en una cabecera del paquete en IPv4 o (2) un paquete Hello IPv4 truncado." } ], "id": "CVE-2011-3325", "lastModified": "2024-11-21T01:30:16.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-10T10:55:06.503", "references": [ { "source": "cret@cert.org", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=61ab0301606053192f45c188bc48afc837518770" }, { "source": "cret@cert.org", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=717750433839762d23a5f8d88fe0b4d57c8d490a" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/46139" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/46274" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/48106" }, { "source": "cret@cert.org", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "cret@cert.org", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "cret@cert.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738396" }, { "source": "cret@cert.org", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=61ab0301606053192f45c188bc48afc837518770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=717750433839762d23a5f8d88fe0b4d57c8d490a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/46139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
quagga | quagga | 0.99.17 | |
quagga | quagga | 0.99.18 | |
quagga | quagga | 0.99.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5654C0F-5D45-410A-91FA-96C6AE22280E", "versionEndIncluding": "0.99.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "1FF1EAD6-1BAF-4D5E-BEB1-BC433041482D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*", "matchCriteriaId": "B344123D-1D1D-41B0-BEF5-D3A5A4995B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*", "matchCriteriaId": "809D464E-8F60-44E3-8BEB-97760500B508", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the 
ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n ospf_ls_upd_list_lsa en ospf_packet.c en la implementaci\u00f3n de OSPFv2 en ospfd en Quagga antes v0.99.20.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (error de aserci\u00f3n y salida del demonio) a trav\u00e9s de un paquete de actualizaci\u00f3n de estado de enlace (tambi\u00e9n conocido como LS Update) que es m\u00e1s peque\u00f1o de lo que indica la longitud especificada en su cabecera." } ], "id": "CVE-2012-0249", "lastModified": "2024-11-21T01:34:39.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-04-05T13:25:30.553", "references": [ { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "cret@cert.org", 
"url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/48949" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2012/dsa-2459" }, { "source": "cret@cert.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "source": "cret@cert.org", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48949" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
quagga | quagga | 0.99.17 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDFDF175-4863-4A33-88CA-3539A3D2B936", "versionEndIncluding": "0.99.18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "1FF1EAD6-1BAF-4D5E-BEB1-BC433041482D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4." 
}, { "lang": "es", "value": "Desbordamiento de buffer de memoria din\u00e1mica en la funci\u00f3n ecommunity_ecom2str en bgp_ecommunity.c en bgpd en Quagga anterior a v0.99.19 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n enviando mensajes BGP UPDATE manipulados sobre IPv4." } ], "id": "CVE-2011-3327", "lastModified": "2024-11-21T01:30:16.473", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-10T10:55:06.690", "references": [ { "source": "cret@cert.org", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=94431dbc753171b48b5c6806af97fd690813b00a" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46139" }, { "source": 
"cret@cert.org", "url": "http://secunia.com/advisories/46274" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/48106" }, { "source": "cret@cert.org", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "cret@cert.org", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "cret@cert.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738400" }, { "source": "cret@cert.org", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=94431dbc753171b48b5c6806af97fd690813b00a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48106" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
quagga | quagga | 0.99.17 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDFDF175-4863-4A33-88CA-3539A3D2B936", "versionEndIncluding": "0.99.18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*", "matchCriteriaId": "1FF1EAD6-1BAF-4D5E-BEB1-BC433041482D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length." 
}, { "lang": "es", "value": "La implementaci\u00f3n de OSPFv3 en ospf6d en Quagga anteriores a v0.99.19 permite a atacantes remotos causar una denegaci\u00f3n de servicio (acceso de memoria fuera de rango y la ca\u00edda del demonio) a trav\u00e9s de un mensaje de actualizaci\u00f3n de enlace del Estado con una longitud de prefijo IPv6 inv\u00e1lida." } ], "id": "CVE-2011-3323", "lastModified": "2024-11-21T01:30:15.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-10T10:55:06.270", "references": [ { "source": "cret@cert.org", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=abc7ef44ca05493500865ce81f7b84f5c4eb6594" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "cret@cert.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46139" }, { "source": "cret@cert.org", "url": 
"http://secunia.com/advisories/46274" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/48106" }, { "source": "cret@cert.org", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "cret@cert.org", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "cret@cert.org", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=abc7ef44ca05493500865ce81f7b84f5c4eb6594" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 | |
quagga | quagga | 0.98.6 | |
quagga | quagga | 0.99.1 | |
quagga | quagga | 0.99.2 | |
quagga | quagga | 0.99.3 | |
quagga | quagga | 0.99.4 | |
quagga | quagga | 0.99.5 | |
quagga | quagga | 0.99.6 | |
quagga | quagga | 0.99.7 | |
quagga | quagga | 0.99.8 | |
quagga | quagga | 0.99.9 | |
quagga | quagga | 0.99.10 | |
quagga | quagga | 0.99.11 | |
quagga | quagga | 0.99.12 | |
quagga | quagga | 0.99.13 | |
quagga | quagga | 0.99.14 | |
quagga | quagga | 0.99.15 | |
quagga | quagga | 0.99.16 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC571045-E383-4B76-B026-629CFDA1E93F", "versionEndIncluding": "0.99.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E914BAF-2E3A-415E-BAA7-FA02B4A22E25", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "55FCB7EC-8060-434B-B485-0DC7DBFE117D", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "9524E069-2A80-4068-9945-2752EF2126EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D713119-F9C6-4656-92C9-A5B863A4B72F", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E99C8-3778-416B-915F-7335C72435B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*", "matchCriteriaId": "578DCE6D-3360-43DA-B22E-E0005A6AF388", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*", "matchCriteriaId": "E4D7B93B-0CF5-4CAF-B1F4-8A816A427BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDAF214-1851-4DFC-ACAA-37D8CD83D323", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*", "matchCriteriaId": "B41BBCA6-237B-4CB6-9208-571D47251E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*", "matchCriteriaId": "FD6CAB29-56F9-4C54-97D8-CBB338658EB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*", "matchCriteriaId": "C69C603A-34A1-4EF9-A332-6984928BF72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8814493-75B4-45DD-886B-054A1C27F870", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*", "matchCriteriaId": "E98DCCDE-2800-4FC5-BE49-3EC7583F9768", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C126C-075D-42F0-B9DD-95267D14C818", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*", "matchCriteriaId": "62379505-A869-48AA-8A32-768583F12266", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*", "matchCriteriaId": "737C92B8-185F-4049-A7F4-D9D4DA6DDFDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute." 
}, { "lang": "es", "value": "El parser \"extended-community\" de bgpd de Quagga en versiones anteriores a la 0.99.18 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (resoluci\u00f3n de puntero NULL y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un atributo \"Extended Communities\" mal formado." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html \r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2010-1674", "lastModified": "2024-11-21T01:14:58.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-03-29T18:55:01.127", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43499" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43770" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48106" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2197" }, { "source": "cve@mitre.org", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/71259" }, { "source": "cve@mitre.org", "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46942" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654603" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/71259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66211" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | * | |
quagga | quagga | 0.95 | |
quagga | quagga | 0.96 | |
quagga | quagga | 0.96.1 | |
quagga | quagga | 0.96.2 | |
quagga | quagga | 0.96.3 | |
quagga | quagga | 0.96.4 | |
quagga | quagga | 0.96.5 | |
quagga | quagga | 0.97.0 | |
quagga | quagga | 0.97.1 | |
quagga | quagga | 0.97.2 | |
quagga | quagga | 0.97.3 | |
quagga | quagga | 0.97.4 | |
quagga | quagga | 0.97.5 | |
quagga | quagga | 0.98.0 | |
quagga | quagga | 0.98.1 | |
quagga | quagga | 0.98.2 | |
quagga | quagga | 0.98.3 | |
quagga | quagga | 0.98.4 | |
quagga | quagga | 0.98.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "4390D804-1FBF-4A25-8E44-9598A11657CA", "versionEndIncluding": "0.98.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CD7A8AD5-A315-4242-960C-05E792B30547", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "6B83BCE2-24D0-4B5B-A034-62BFF1894AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDD63DD9-1809-4CEC-AB69-955A7B127CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A2AD1AD-DDE2-477B-8EFD-767B6FD8EDBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*", "matchCriteriaId": "99BD881B-9B53-4E12-B083-87C9C87CDF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*", "matchCriteriaId": "F910313F-FFE1-470A-A9B6-8A854C73DC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B0A9232-968D-4D3E-82A0-F5CC858EAF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD5F4CFB-BE1F-4424-8D2F-B921704E3AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A55FF13-8E56-4A27-B7FD-A855735E1045", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7DDBC3B-99BB-4404-9A73-90ED6581D69A", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB09A713-E91E-44E7-8B82-F70F655A97B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*", "matchCriteriaId": "10173750-690B-4576-AB3F-11A0861AA78B", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "0EF8693A-D561-4D2E-BD60-5630601C6A94", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE43983A-73CB-41A5-889B-1AEA9A27F440", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EB589E9-85C0-4E87-856B-A2832383B129", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CF5EB8A-8E46-4490-BA88-03D4BED3EB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6445BEF-245C-47CE-9779-96C97CFD4DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*", "matchCriteriaId": "48D007FD-C1AD-477E-9AA5-DDB4522D3248", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read." }, { "lang": "es", "value": "bgpd/bgp_attr.c en Quagga 0.98.6 y versiones anteriores, y 0.99.6 y versiones 0.99 anteriores, no validan la longitud de los valores en los atributos MP_REACH_NLRI y MP_UNREACH_NLRI, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda o finalizaci\u00f3n de demonio) mediante mensajes UPDATE manipulados que disparan un error de aserci\u00f3n o lectura fuera de l\u00edmites." 
} ], "id": "CVE-2007-1995", "lastModified": "2024-11-21T00:29:38.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-12T10:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" }, { "source": "cve@mitre.org", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24808" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25084" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25119" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25255" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25293" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25312" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25428" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29743" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200705-05.xml" }, { "source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "source": "cve@mitre.org", "url": 
"http://www.debian.org/security/2007/dsa-1293" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:096" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_9_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html" }, { "source": "cve@mitre.org", "url": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0389.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23417" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018142" }, { "source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0017/" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-461-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1336" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33547" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25119" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200705-05.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_9_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0389.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2007/0017/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-461-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:0.99.21:*:*:*:*:*:*:*", "matchCriteriaId": "4739E6D9-4F17-4CDA-8320-9832D65D94A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update." }, { "lang": "es", "value": "La funci\u00f3n bgp_attr_unknown en bgp_attr.c en Quagga 0.99.21 no inicializa correctamente la variable total, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda bgpd) a trav\u00e9s de una actualizaci\u00f3n manipulada de BGP." } ], "id": "CVE-2013-6051", "lastModified": "2024-11-21T01:58:41.583", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-14T17:21:46.397", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513" }, { "source": "cve@mitre.org", "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2803" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | https://www.kb.cert.org/vuls/id/793496 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/793496 | Third Party Advisory, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
quagga | quagga | - | |
suse | opensuse | - | |
suse | suse_linux | - | |
redhat | package_manager | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:-:*:*:*:*:*:*:*", "matchCriteriaId": "C94C24FF-068A-4944-863B-9E936DD6DE32", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:opensuse:-:*:*:*:*:*:*:*", "matchCriteriaId": "12E45392-D24F-46FC-8DBC-456D2D6EDDB0", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FB65EF0-0E6A-4178-8564-3CC96891A072", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:package_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8B51A2D-AD64-4F47-A148-0565B6A1974D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a \u0027newer\u0027 LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. 
CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)." }, { "lang": "es", "value": "Las implementaciones del protocolo Open Shortest Path First (OSPF) podr\u00edan determinar el recency Link State Advertisement (LSA) para los LSA con MaxSequenceNumber. Seg\u00fan la secci\u00f3n 13.1 de RFC 2328, para dos instancias del mismo LSA, el recency se determina comparando, en primer lugar, los n\u00fameros de secuencia, las sumas de verificaci\u00f3n y, finalmente, MaxAge. En el caso en el que los n\u00fameros de secuencia son los mismos, el LSA con la suma de verificaci\u00f3n m\u00e1s grande se considera m\u00e1s reciente y no ser\u00e1 vaciado del LSDB (Link State Database). Debido a que el RFC no indica expl\u00edcitamente que los valores de los enlaces conducidos por un LSA deben ser los mismos cuando un LSA autogenerado se caduca prematuramente con MaxSequenceNumber, en las implementaciones OSPF vulnerables es posible que un atacante manipule un LSA con MaxSequenceNumber y enlaces inv\u00e1lidos que resultar\u00e1n en una suma de verificaci\u00f3n m\u00e1s grande y, por lo tanto, no se vaciar\u00e1 un LSA \"m\u00e1s nuevo\" desde el LSDB. La propagaci\u00f3n del LSA manipulado puede resultar en la eliminaci\u00f3n o alteraci\u00f3n de las tablas de enrutamiento en el dominio de enrutamiento, lo que crea una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o el reenrutamiento de tr\u00e1fico en la red. CVE-2017-3224 ha sido reservado para Quagga y las implementaciones descendientes (paquetes SUSE, openSUSE y Red Hat)." 
} ], "id": "CVE-2017-3224", "lastModified": "2024-11-21T03:25:04.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-24T15:29:00.890", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/793496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/793496" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-354" } ], "source": "cret@cert.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-345" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ADB9F6-B519-45D0-966F-F095372FBB49", "vulnerable": true }, { "criteria": "cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E1B30CC-478C-4BD1-AF4C-D126B8CCE8D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE." }, { "lang": "es", "value": "RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no implementa adecuadamente configuraciones que (1) deshabiliten RIPv1 o (2) necesiten autenticaci\u00f3n MD5 o en texto plano, lo que permite a atacantes remotos obtener informaci\u00f3n sensible (estado de encaminamiento) mediante paquetes \"REQUEST\" como \"SEND UPDATE\".\u00ba" } ], "id": "CVE-2006-2223", "lastModified": "2024-11-21T00:10:49.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-05T19:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "source": "cve@mitre.org", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19910" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20137" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20138" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20221" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20420" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20421" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20782" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21159" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016204" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1059" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25224" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17808" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/284-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.osvdb.org/25224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/284-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A460953-662D-47E0-B16E-06CFC2378895", "versionEndIncluding": "1.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet \u0027vty\u0027 CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface \u0027vty\u0027 input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10." }, { "lang": "es", "value": "Todas las versiones de Quagga, 0.93 hasta la versi\u00f3n 1.1.0, son vulnerables a una asignaci\u00f3n de memoria ilimitada en la CLI de telnet \u0027vty\u0027, conduciendo a una denegaci\u00f3n de servicio de los demonios de Quagga, o incluso a todo el host. Cuando los demonios de Quagga son configurados con su CLI de telnet habilitada, cualquiera que pueda conectarse a los puertos TCP puede desencadenar esta vulnerabilidad antes de la autenticaci\u00f3n. La mayor\u00eda de las distribuciones restringen la interfaz de telnet de Quagga para el acceso local s\u00f3lo por defecto. 
El b\u00fafer de entrada \u0027vty\u0027 de la interfaz de telnet de Quagga crece autom\u00e1ticamente, sin limite, siempre y cuando no se introduzca una nueva l\u00ednea. Esto permite a un atacante hacer que el demonio de Quagga asigne memoria ilimitada enviando cadenas muy largas sin una nueva l\u00ednea. Eventualmente el demonio es finalizado por el sistema, o el propio sistema se queda sin memoria. Esto se corrige en Quagga 1.1.1 y Free Range Routing (FRR) Protocol Suite 2017-01-10." } ], "id": "CVE-2017-5495", "lastModified": "2024-11-21T03:27:45.293", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-24T07:59:00.287", "references": [ { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/95745" }, { 
"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037688" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/freerangerouting/frr/pull/63" }, { "source": "cve@mitre.org", "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/95745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/freerangerouting/frr/pull/63" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2012-0250
Vulnerability from cvelistv5
URL | Tags
---|---
http://rhn.redhat.com/errata/RHSA-2012-1259.html | vendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html | vendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2012/dsa-2459 | vendor-advisory, x_refsource_DEBIAN
http://www.kb.cert.org/vuls/id/551715 | third-party-advisory, x_refsource_CERT-VN
http://secunia.com/advisories/48949 | third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1258.html | vendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html | vendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html | vendor-advisory, x_refsource_FEDORA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:16:20.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "FEDORA-2012-5411", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "name": "DSA-2459", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2459" }, { "name": "VU#551715", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "name": "48949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48949" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "FEDORA-2012-5436", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "name": "FEDORA-2012-5352", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state 
advertisement for which the data-structure length is smaller than the value in the Length header field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "FEDORA-2012-5411", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "name": "DSA-2459", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2459" }, { "name": "VU#551715", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "name": "48949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48949" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "FEDORA-2012-5436", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "name": "FEDORA-2012-5352", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-0250", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2012:1259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "FEDORA-2012-5411", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "name": "DSA-2459", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2459" }, { "name": "VU#551715", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/551715" }, { "name": "48949", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48949" }, { "name": "RHSA-2012:1258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "FEDORA-2012-5436", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "name": "FEDORA-2012-5352", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-0250", "datePublished": "2012-04-05T10:00:00", "dateReserved": "2011-12-21T00:00:00", "dateUpdated": "2024-08-06T18:16:20.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2948
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:45.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-2304", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "name": "42635", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/42635" }, { "name": "42498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42498" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626783" }, { "name": "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "name": "41238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41238" }, { "name": "SUSE-SR:2010:022", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3" }, { "name": "41038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41038" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "42397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/42397" }, { "name": "DSA-2104", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2104" }, { "name": "USN-1027-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1027-1" }, { "name": "42446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42446" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "MDVSA-2010:174", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48106" }, { "name": "ADV-2010-3097", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "name": "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "name": "RHSA-2010:0785", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html" }, { "name": "RHSA-2010:0945", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "name": "ADV-2010-3124", "tags": [ "vdb-entry", 
"x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3124" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2010-2304", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "name": "42635", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/42635" }, { "name": "42498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42498" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626783" }, { "name": "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "name": "41238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41238" }, { "name": "SUSE-SR:2010:022", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3" }, { "name": "41038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41038" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "42397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42397" }, { "name": "DSA-2104", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2104" }, { "name": "USN-1027-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1027-1" }, { "name": "42446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42446" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "MDVSA-2010:174", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48106" }, { "name": "ADV-2010-3097", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "name": "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "name": "RHSA-2010:0785", "tags": [ "vendor-advisory", 
"x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html" }, { "name": "RHSA-2010:0945", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "name": "ADV-2010-3124", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3124" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2948", "datePublished": "2010-09-10T18:00:00", "dateReserved": "2010-08-04T00:00:00", "dateUpdated": "2024-08-07T02:55:45.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2949
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:45.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-2304", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "name": "42498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42498" }, { "name": "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "name": "41238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41238" }, { "name": "SUSE-SR:2010:022", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "name": "42642", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/42642" }, { "name": "41038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41038" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "42397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42397" }, { "name": "DSA-2104", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2104" }, { "name": "USN-1027-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": 
"http://www.ubuntu.com/usn/USN-1027-1" }, { "name": "42446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42446" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=cddb8112b80fa9867156c637d63e6e79eeac67bb" }, { "name": "MDVSA-2010:174", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48106" }, { "name": "ADV-2010-3097", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "name": "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "name": "RHSA-2010:0945", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "name": "ADV-2010-3124", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3124" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626795" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", 
"vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2010-2304", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2304" }, { "name": "42498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42498" }, { "name": "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/24/3" }, { "name": "41238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41238" }, { "name": "SUSE-SR:2010:022", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" }, { "name": "42642", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/42642" }, { "name": "41038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41038" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "42397", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42397" }, { "name": "DSA-2104", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2104" }, { "name": "USN-1027-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1027-1" }, { "name": "42446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42446" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=cddb8112b80fa9867156c637d63e6e79eeac67bb" }, { "name": "MDVSA-2010:174", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48106" }, { "name": "ADV-2010-3097", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3097" }, { "name": "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/4" }, { "name": "RHSA-2010:0945", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/news2.php?y=2010\u0026m=8\u0026d=19" }, { "name": "ADV-2010-3124", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3124" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=626795" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2949", "datePublished": "2010-09-10T18:00:00", "dateReserved": "2010-08-04T00:00:00", "dateUpdated": "2024-08-07T02:55:45.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0255
Vulnerability from cvelistv5
URL | Tags
---|---
http://rhn.redhat.com/errata/RHSA-2012-1259.html | vendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html | vendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2012/dsa-2459 | vendor-advisory, x_refsource_DEBIAN
http://www.kb.cert.org/vuls/id/551715 | third-party-advisory, x_refsource_CERT-VN
http://secunia.com/advisories/48949 | third-party-advisory, x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html | vendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html | vendor-advisory, x_refsource_FEDORA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:16:19.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "FEDORA-2012-5411", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "name": "DSA-2459", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2459" }, { "name": "VU#551715", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "name": "48949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48949" }, { "name": "FEDORA-2012-5436", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "name": "FEDORA-2012-5352", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "FEDORA-2012-5411", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "name": "DSA-2459", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2459" }, { "name": "VU#551715", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "name": "48949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48949" }, { "name": "FEDORA-2012-5436", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "name": "FEDORA-2012-5352", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-0255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated 
with a malformed Four-octet AS Number Capability (aka AS4 capability)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2012:1259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "FEDORA-2012-5411", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "name": "DSA-2459", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2459" }, { "name": "VU#551715", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/551715" }, { "name": "48949", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48949" }, { "name": "FEDORA-2012-5436", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "name": "FEDORA-2012-5352", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-0255", "datePublished": "2012-04-05T10:00:00", "dateReserved": "2011-12-21T00:00:00", "dateUpdated": "2024-08-06T18:16:19.957Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6051
Vulnerability from cvelistv5
URL | Tags
---|---
http://www.debian.org/security/2013/dsa-2803 | vendor-advisory, x_refsource_DEBIAN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513 | x_refsource_CONFIRM
http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:29:42.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2803", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2803" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-14T16:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-2803", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2803" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6051", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2803", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2803" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408", "refsource": "MISC", "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6051", "datePublished": "2013-12-14T17:00:00", "dateReserved": "2013-10-08T00:00:00", "dateUpdated": "2024-08-06T17:29:42.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3224
Vulnerability from cvelistv5
URL | Tags
---|---
https://www.kb.cert.org/vuls/id/793496 | third-party-advisory, x_refsource_CERT-VN

Vendor | Product | Version
---|---|---
Open Shortest Path First (OSPF) | Protocol |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#793496", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/793496" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Protocol", "vendor": "Open Shortest Path First (OSPF)", "versions": [ { "status": "unknown", "version": "N/A" } ] } ], "datePublic": "2017-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a \u0027newer\u0027 LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-354", "description": "CWE-354", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-24T14:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#793496", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/793496" } ], "source": { "discovery": "UNKNOWN" }, "title": "Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency in affected Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2017-3224", "STATE": "PUBLIC", "TITLE": "Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency in affected Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Protocol", "version": { "version_data": [ { "affected": "?", "version_affected": "?", "version_value": "N/A" } ] } } ] }, "vendor_name": "Open Shortest Path First (OSPF)" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). 
Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a \u0027newer\u0027 LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-354" } ] } ] }, "references": { "reference_data": [ { "name": "VU#793496", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/793496" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2017-3224", "datePublished": "2018-07-24T15:00:00", "dateReserved": "2016-12-05T00:00:00", "dateUpdated": "2024-08-05T14:16:28.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5380
Vulnerability from cvelistv5
URL | Tags
---|---
https://usn.ubuntu.com/3573-1/ | vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4115 | vendor-advisory, x_refsource_DEBIAN
http://savannah.nongnu.org/forum/forum.php?forum_id=9095 | x_refsource_CONFIRM
https://security.gentoo.org/glsa/201804-17 | vendor-advisory, x_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html | mailing-list, x_refsource_MLIST
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt | x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/940439 | third-party-advisory, x_refsource_CERT-VN
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:44.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt" }, { "name": "VU#940439", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bgpd", "vendor": "Quagga", "versions": [ { "lessThan": "1.2.3", "status": "affected", "version": "bpgd", "versionType": "custom" } ] } ], "datePublic": "2018-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-09T12:06:07", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "USN-3573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt" }, { "name": "VU#940439", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2018-02-15T00:00:00.000Z", "ID": "CVE-2018-5380", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "bgpd", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_name": "bpgd", "version_value": "1.2.3" } ] } } ] }, "vendor_name": "Quagga" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3573-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4115" }, { "name": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095", "refsource": "CONFIRM", "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "name": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt", "refsource": "CONFIRM", "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt" }, { "name": "VU#940439", "refsource": 
"CERT-VN", "url": "http://www.kb.cert.org/vuls/id/940439" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2018-5380", "datePublished": "2018-02-19T13:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-17T01:05:46.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1674
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:35:53.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46942", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46942" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654603" }, { "name": "43770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43770" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48106" }, { "name": "DSA-2197", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2197" }, { "name": "ADV-2011-0711", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "name": "MDVSA-2011:058", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "name": "quagga-community-dos(66211)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66211" }, { "name": "71259", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/71259" }, { "name": "43499", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43499" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "46942", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46942" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=654603" }, { "name": "43770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43770" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48106" }, { "name": "DSA-2197", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2197" }, { "name": "ADV-2011-0711", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "name": "MDVSA-2011:058", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "name": "quagga-community-dos(66211)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66211" }, { "name": "71259", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/71259" }, { "name": "43499", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43499" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1674", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46942", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46942" }, { "name": "SUSE-SR:2011:005", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "GLSA-201202-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=654603", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654603" }, { "name": "43770", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43770" }, { "name": "48106", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48106" }, { "name": "DSA-2197", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2197" }, { "name": "ADV-2011-0711", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "name": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200", "refsource": "CONFIRM", "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "name": "MDVSA-2011:058", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "name": "quagga-community-dos(66211)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66211" }, { "name": "71259", "refsource": "OSVDB", "url": "http://www.osvdb.org/71259" }, { "name": "43499", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43499" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2010-1674", "datePublished": "2011-03-29T18:00:00", "dateReserved": "2010-04-30T00:00:00", "dateUpdated": "2024-08-07T01:35:53.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1995
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:13:42.070Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1018142", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018142" }, { "name": "25119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25119" }, { "name": "25084", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25084" }, { "name": "25312", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25312" }, { "name": "ADV-2007-1336", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1336" }, { "name": "ADV-2008-1195", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "name": "23417", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23417" }, { "name": "236141", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "name": "DSA-1293", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1293" }, { "name": "24808", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24808" }, { "name": "25428", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25428" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" }, { "name": "2007-0017", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", 
"x_transferred" ], "url": "http://www.trustix.org/errata/2007/0017/" }, { "name": "OpenPKG-SA-2007.015", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html" }, { "name": "RHSA-2007:0389", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0389.html" }, { "name": "SUSE-SR:2007:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_9_sr.html" }, { "name": "oval:org.mitre.oval:def:11048", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740" }, { "name": "25293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25293" }, { "name": "quagga-bgpattributes-dos(33547)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33547" }, { "name": "29743", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29743" }, { "name": "USN-461-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-461-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" }, { "name": "MDKSA-2007:096", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:096" }, { "name": "25255", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25255" }, { "name": 
"GLSA-200705-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200705-05.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-09T00:00:00", "descriptions": [ { "lang": "en", "value": "bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1018142", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018142" }, { "name": "25119", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25119" }, { "name": "25084", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25084" }, { "name": "25312", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25312" }, { "name": "ADV-2007-1336", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1336" }, { "name": "ADV-2008-1195", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "name": "23417", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23417" }, { "name": "236141", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "name": "DSA-1293", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1293" }, { "name": "24808", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24808" }, { "name": "25428", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25428" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" }, { "name": "2007-0017", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2007/0017/" }, { "name": "OpenPKG-SA-2007.015", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html" }, { "name": "RHSA-2007:0389", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0389.html" }, { "name": "SUSE-SR:2007:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_9_sr.html" }, { "name": "oval:org.mitre.oval:def:11048", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740" }, { "name": "25293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25293" }, { "name": "quagga-bgpattributes-dos(33547)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33547" }, { "name": "29743", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29743" }, { "name": "USN-461-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": 
"http://www.ubuntu.com/usn/usn-461-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" }, { "name": "MDKSA-2007:096", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:096" }, { "name": "25255", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25255" }, { "name": "GLSA-200705-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200705-05.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1995", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1018142", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018142" }, { "name": "25119", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25119" }, { "name": "25084", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25084" }, { "name": "25312", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25312" }, { "name": "ADV-2007-1336", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1336" }, { "name": "ADV-2008-1195", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "name": "23417", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23417" }, { "name": "236141", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "name": "DSA-1293", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1293" }, { "name": "24808", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24808" }, { "name": "25428", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25428" }, { "name": "http://bugzilla.quagga.net/show_bug.cgi?id=354", "refsource": "CONFIRM", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=354" }, { "name": "2007-0017", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0017/" }, { "name": "OpenPKG-SA-2007.015", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html" }, { "name": "RHSA-2007:0389", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0389.html" }, { "name": "SUSE-SR:2007:009", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_9_sr.html" }, { "name": "oval:org.mitre.oval:def:11048", "refsource": "OVAL", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048" }, { "name": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740", "refsource": "CONFIRM", "url": "http://www.quagga.net/news2.php?y=2007\u0026m=4\u0026d=8#id1176073740" }, { "name": "25293", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25293" }, { "name": "quagga-bgpattributes-dos(33547)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33547" }, { "name": "29743", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29743" }, { "name": "USN-461-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-461-1" }, { "name": "http://bugzilla.quagga.net/show_bug.cgi?id=355", "refsource": "CONFIRM", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=355" }, { "name": "MDKSA-2007:096", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:096" }, { "name": "25255", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25255" }, { "name": "GLSA-200705-05", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-05.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1995", "datePublished": "2007-04-12T10:00:00", "dateReserved": "2007-04-11T00:00:00", "dateUpdated": "2024-08-07T13:13:42.070Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1675
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:35:53.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654614" }, { "name": "71258", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/71258" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "quagga-aspath-dos(66212)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66212" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "43770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43770" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48106" }, { "name": "DSA-2197", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2197" }, { "name": "ADV-2011-0711", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "name": "46943", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46943" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "name": 
"MDVSA-2011:058", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "name": "43499", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43499" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-21T00:00:00", "descriptions": [ { "lang": "en", "value": "bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654614" }, { "name": "71258", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/71258" }, { "name": "SUSE-SR:2011:005", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "quagga-aspath-dos(66212)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66212" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "43770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43770" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/48106" }, { "name": "DSA-2197", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2197" }, { "name": "ADV-2011-0711", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "name": "46943", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46943" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "name": "MDVSA-2011:058", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "name": "43499", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43499" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1675", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=654614", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=654614" }, { "name": "71258", "refsource": "OSVDB", "url": "http://www.osvdb.org/71258" }, { "name": "SUSE-SR:2011:005", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" }, { "name": "quagga-aspath-dos(66212)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66212" }, { "name": "GLSA-201202-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "SUSE-SU-2011:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "43770", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43770" }, { "name": "48106", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48106" }, { "name": "DSA-2197", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2197" }, { "name": "ADV-2011-0711", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0711" }, { "name": "46943", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46943" }, { "name": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200", "refsource": "CONFIRM", "url": "http://www.quagga.net/news2.php?y=2011\u0026m=3\u0026d=21#id1300723200" }, { "name": "MDVSA-2011:058", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:058" }, { "name": "43499", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43499" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1675", "datePublished": "2011-03-29T18:00:00", "dateReserved": 
"2010-04-30T00:00:00", "dateUpdated": "2024-08-07T01:35:53.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5495
Vulnerability from cvelistv5
URL | Tags
---|---
http://rhn.redhat.com/errata/RHSA-2017-0794.html | vendor-advisory, x_refsource_REDHAT
http://savannah.nongnu.org/forum/forum.php?forum_id=8783 | x_refsource_CONFIRM
https://github.com/freerangerouting/frr/pull/63 | x_refsource_CONFIRM
http://www.securitytracker.com/id/1037688 | vdb-entry, x_refsource_SECTRACK
https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html | x_refsource_CONFIRM
http://www.securityfocus.com/bid/95745 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:04:14.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/freerangerouting/frr/pull/63" }, { "name": "1037688", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037688" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html" }, { "name": "95745", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95745" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet \u0027vty\u0027 CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface \u0027vty\u0027 input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. 
Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/freerangerouting/frr/pull/63" }, { "name": "1037688", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037688" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html" }, { "name": "95745", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95745" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet \u0027vty\u0027 CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. 
Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface \u0027vty\u0027 input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:0794", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783", "refsource": "CONFIRM", "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=8783" }, { "name": "https://github.com/freerangerouting/frr/pull/63", "refsource": "CONFIRM", "url": "https://github.com/freerangerouting/frr/pull/63" }, { "name": "1037688", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037688" }, { "name": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html", "refsource": "CONFIRM", "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html" }, { "name": "95745", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95745" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5495", "datePublished": "2017-01-24T07:40:00", "dateReserved": "2017-01-15T00:00:00", "dateUpdated": "2024-08-05T15:04:14.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0795
Vulnerability from cvelistv5
URL | Tags
---|---
http://www.redhat.com/support/errata/RHSA-2003-305.html | vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=106883387304266&w=2 | mailing-list, x_refsource_BUGTRAQ
http://www.debian.org/security/2004/dsa-415 | vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/10563 | third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2003-307.html | vendor-advisory, x_refsource_REDHAT
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:05:12.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2003:305", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-305.html" }, { "name": "20031114 Quagga remote vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=106883387304266\u0026w=2" }, { "name": "DSA-415", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-415" }, { "name": "10563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10563" }, { "name": "RHSA-2003:307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-307.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2003:305", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-305.html" }, { "name": "20031114 Quagga remote vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=106883387304266\u0026w=2" }, { "name": "DSA-415", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-415" }, { "name": "10563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10563" }, { "name": "RHSA-2003:307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-307.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0795", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2003:305", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-305.html" }, { "name": "20031114 Quagga remote vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=106883387304266\u0026w=2" }, { "name": "DSA-415", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-415" }, { "name": "10563", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10563" }, { "name": "RHSA-2003:307", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-307.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0795", "datePublished": "2003-11-18T05:00:00", "dateReserved": "2003-09-17T00:00:00", "dateUpdated": "2024-08-08T02:05:12.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3323
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=abc7ef44ca05493500865ce81f7b84f5c4eb6594" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48106" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=abc7ef44ca05493500865ce81f7b84f5c4eb6594" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48106" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-3323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://code.quagga.net/?p=quagga.git;a=commit;h=abc7ef44ca05493500865ce81f7b84f5c4eb6594", "refsource": "CONFIRM", "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=abc7ef44ca05493500865ce81f7b84f5c4eb6594" }, { "name": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt", "refsource": "CONFIRM", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "https://www.cert.fi/en/reports/2011/vulnerability539178.html", "refsource": "MISC", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48106" }, { "name": "SUSE-SU-2011:1171", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-3323", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-08-29T00:00:00", "dateUpdated": "2024-08-06T23:29:56.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3325
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.718Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=61ab0301606053192f45c188bc48afc837518770" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=717750433839762d23a5f8d88fe0b4d57c8d490a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48106" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738396" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=61ab0301606053192f45c188bc48afc837518770" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=717750433839762d23a5f8d88fe0b4d57c8d490a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], 
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48106" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738396" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-3325", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt", "refsource": "CONFIRM", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "http://code.quagga.net/?p=quagga.git;a=commit;h=61ab0301606053192f45c188bc48afc837518770", "refsource": "CONFIRM", "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=61ab0301606053192f45c188bc48afc837518770" }, { "name": "VU#668534", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "http://code.quagga.net/?p=quagga.git;a=commit;h=717750433839762d23a5f8d88fe0b4d57c8d490a", "refsource": "CONFIRM", "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=717750433839762d23a5f8d88fe0b4d57c8d490a" }, { "name": "https://www.cert.fi/en/reports/2011/vulnerability539178.html", "refsource": "MISC", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": 
"46274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48106" }, { "name": "SUSE-SU-2011:1171", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=738396", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738396" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-3325", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-08-29T00:00:00", "dateUpdated": "2024-08-06T23:29:56.718Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1572
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:20:34.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "54200", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/54200" }, { "name": "35203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35203" }, { "name": "34999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34999" }, { "name": "MDVSA-2009:109", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:109" }, { "name": "1022164", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022164" }, { "name": "USN-775-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-775-1" }, { "name": "[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/05/01/1" }, { "name": "[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=quagga-dev\u0026m=123364779626078\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://thread.gmane.org/gmane.network.quagga.devel/6513" }, { "name": "DSA-1788", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1788" }, { "name": "quagga-systemnumber-dos(50317)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50317" }, { "name": "35685", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35685" }, { "name": "FEDORA-2009-5324", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html" }, { "name": "35061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35061" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311" }, { "name": "FEDORA-2009-5284", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html" }, { "name": "34817", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34817" }, { "name": "[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/05/01/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "54200", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/54200" }, { "name": "35203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35203" }, { "name": "34999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34999" }, { "name": "MDVSA-2009:109", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:109" }, { "name": "1022164", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022164" }, { "name": "USN-775-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-775-1" }, { "name": "[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/05/01/1" }, { "name": "[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=quagga-dev\u0026m=123364779626078\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://thread.gmane.org/gmane.network.quagga.devel/6513" }, { "name": "DSA-1788", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1788" }, { "name": "quagga-systemnumber-dos(50317)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50317" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35685" }, { "name": "FEDORA-2009-5324", "tags": [ "vendor-advisory", 
"x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html" }, { "name": "35061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35061" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311" }, { "name": "FEDORA-2009-5284", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html" }, { "name": "34817", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34817" }, { "name": "[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/05/01/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1572", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "54200", "refsource": "OSVDB", "url": "http://www.osvdb.org/54200" }, { "name": "35203", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35203" }, { "name": "34999", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34999" }, { "name": "MDVSA-2009:109", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:109" }, { "name": "1022164", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022164" }, { "name": "USN-775-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-775-1" }, { "name": "[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/05/01/1" }, { "name": "[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes", "refsource": "MLIST", "url": "http://marc.info/?l=quagga-dev\u0026m=123364779626078\u0026w=2" }, { "name": "http://thread.gmane.org/gmane.network.quagga.devel/6513", "refsource": "MISC", "url": "http://thread.gmane.org/gmane.network.quagga.devel/6513" }, { "name": "DSA-1788", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1788" }, { "name": "quagga-systemnumber-dos(50317)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50317" }, { "name": "35685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35685" }, { "name": "FEDORA-2009-5324", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html" }, { "name": "35061", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35061" }, { "name": "SUSE-SR:2009:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311" }, { "name": "FEDORA-2009-5284", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html" }, { "name": "34817", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34817" }, { "name": "[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/05/01/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1572", "datePublished": "2009-05-06T17:00:00", "dateReserved": "2009-05-06T00:00:00", "dateUpdated": "2024-08-07T05:20:34.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1245
Vulnerability from cvelistv5
URL | Tags
---|---
http://rhn.redhat.com/errata/RHSA-2017-0794.html | vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201701-48 | vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/93775 | vdb-entry, x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=1386109 | x_refsource_CONFIRM
http://www.gossamer-threads.com/lists/quagga/users/31952 | x_refsource_CONFIRM
https://www.debian.org/security/2016/dsa-3695 | vendor-advisory, x_refsource_DEBIAN
https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546 | x_refsource_CONFIRM

Vendor | Product | Version
---|---|---
n/a | Quagga before 1.0.20161017 | Quagga before 1.0.20161017
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "GLSA-201701-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-48" }, { "name": "93775", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93775" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gossamer-threads.com/lists/quagga/users/31952" }, { "name": "DSA-3695", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2016/dsa-3695" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Quagga before 1.0.20161017", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Quagga before 1.0.20161017" } ] } ], "datePublic": "2017-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent." 
} ], "problemTypes": [ { "descriptions": [ { "description": "stack-based buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "GLSA-201701-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-48" }, { "name": "93775", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93775" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gossamer-threads.com/lists/quagga/users/31952" }, { "name": "DSA-3695", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2016/dsa-3695" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Quagga before 1.0.20161017", "version": { "version_data": [ { "version_value": "Quagga before 1.0.20161017" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "stack-based buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:0794", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "GLSA-201701-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-48" }, { "name": "93775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93775" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1386109", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386109" }, { "name": "http://www.gossamer-threads.com/lists/quagga/users/31952", "refsource": "CONFIRM", "url": "http://www.gossamer-threads.com/lists/quagga/users/31952" }, { "name": "DSA-3695", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2016/dsa-3695" }, { "name": "https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546", "refsource": "CONFIRM", "url": "https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1245", "datePublished": "2017-02-22T23:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2276
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:29.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-284-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/284-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=4#id1146764580" }, { "name": "oval:org.mitre.oval:def:10651", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10651" }, { "name": "25245", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25245" }, { "name": "20782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20782" }, { "name": "20138", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20138" }, { "name": "20421", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20421" }, { "name": "20060602-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "name": "RHSA-2006:0525", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "name": "20137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20137" }, { "name": "[quagga-dev] 20060329 quagga locks with command sh ip bgp community 1:*", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html" }, { "name": "1016204", "tags": [ "vdb-entry", 
"x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016204" }, { "name": "RHSA-2006:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "name": "GLSA-200605-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "name": "DSA-1059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1059" }, { "name": "20221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20221" }, { "name": "20116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20116" }, { "name": "20420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20420" }, { "name": "17979", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17979" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-284-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/284-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=4#id1146764580" }, { "name": "oval:org.mitre.oval:def:10651", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10651" }, { "name": "25245", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25245" }, { "name": "20782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20782" }, { "name": "20138", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20138" }, { "name": "20421", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20421" }, { "name": "20060602-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "name": "RHSA-2006:0525", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "name": "20137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20137" }, { "name": "[quagga-dev] 20060329 quagga locks with command sh ip bgp community 1:*", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html" }, { "name": "1016204", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016204" }, { "name": "RHSA-2006:0533", "tags": [ 
"vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "name": "GLSA-200605-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "name": "DSA-1059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1059" }, { "name": "20221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20221" }, { "name": "20116", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20116" }, { "name": "20420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20420" }, { "name": "17979", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17979" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-284-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/284-1/" }, { "name": "http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=4#id1146764580", "refsource": "CONFIRM", "url": "http://www.quagga.net/news2.php?y=2006\u0026m=5\u0026d=4#id1146764580" }, { "name": "oval:org.mitre.oval:def:10651", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10651" }, { "name": "25245", "refsource": "OSVDB", "url": "http://www.osvdb.org/25245" }, { "name": "20782", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20782" }, { "name": "20138", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20138" }, { "name": "20421", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20421" }, { "name": "20060602-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "name": "RHSA-2006:0525", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "name": "20137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20137" }, { "name": "[quagga-dev] 20060329 quagga locks with command sh ip bgp community 1:*", "refsource": "MLIST", "url": "http://lists.quagga.net/pipermail/quagga-dev/2006-March/004052.html" }, { "name": "1016204", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016204" }, { "name": "RHSA-2006:0533", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "name": "GLSA-200605-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "name": "DSA-1059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1059" }, { "name": "20221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20221" 
}, { "name": "20116", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20116" }, { "name": "20420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20420" }, { "name": "17979", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17979" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2276", "datePublished": "2006-05-09T23:00:00", "dateReserved": "2006-05-09T00:00:00", "dateUpdated": "2024-08-07T17:43:29.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2236
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://rhn.redhat.com/errata/RHSA-2017-0794.html | vendor-advisory, x_refsource_REDHAT |
http://www.securityfocus.com/bid/60955 | vdb-entry, x_refsource_BID |
http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt | x_refsource_CONFIRM |
http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88 | x_refsource_CONFIRM |
http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html | mailing-list, x_refsource_MLIST |
http://www.debian.org/security/2013/dsa-2803 | vendor-advisory, x_refsource_DEBIAN |
http://seclists.org/oss-sec/2013/q3/24 | mailing-list, x_refsource_MLIST |
http://www.ubuntu.com/usn/USN-2941-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:41.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "60955", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/60955" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88" }, { "name": "[quagga-dev] 20130702 [quagga-dev 10568] ospfd, new_msg_lsa_change_notify: looks like a buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html" }, { "name": "DSA-2803", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2803" }, { "name": "[oss-security] 20130703 Re: CVE request: Quagga OSPF-API stack overrun", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/24" }, { "name": "USN-2941-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2941-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows 
remote attackers to cause a denial of service (crash) via a large LSA." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "60955", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/60955" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88" }, { "name": "[quagga-dev] 20130702 [quagga-dev 10568] ospfd, new_msg_lsa_change_notify: looks like a buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html" }, { "name": "DSA-2803", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2803" }, { "name": "[oss-security] 20130703 Re: CVE request: Quagga OSPF-API stack overrun", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/24" }, { "name": "USN-2941-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2941-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2236", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": 
"eng", "value": "Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:0794", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "60955", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60955" }, { "name": "http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt", "refsource": "CONFIRM", "url": "http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt" }, { "name": "http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=3f872fe60463a931c5c766dbf8c36870c0023e88", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=3f872fe60463a931c5c766dbf8c36870c0023e88" }, { "name": "[quagga-dev] 20130702 [quagga-dev 10568] ospfd, new_msg_lsa_change_notify: looks like a buffer overflow", "refsource": "MLIST", "url": "http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html" }, { "name": "DSA-2803", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2803" }, { "name": "[oss-security] 20130703 Re: CVE request: Quagga OSPF-API stack overrun", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q3/24" }, { "name": "USN-2941-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2941-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2236", "datePublished": "2013-10-24T01:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:41.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2018-5379
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://usn.ubuntu.com/3573-1/ | vendor-advisory, x_refsource_UBUNTU |
https://www.debian.org/security/2018/dsa-4115 | vendor-advisory, x_refsource_DEBIAN |
http://www.securityfocus.com/bid/103105 | vdb-entry, x_refsource_BID |
http://savannah.nongnu.org/forum/forum.php?forum_id=9095 | x_refsource_CONFIRM |
https://security.gentoo.org/glsa/201804-17 | vendor-advisory, x_refsource_GENTOO |
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt | x_refsource_CONFIRM |
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html | mailing-list, x_refsource_MLIST |
http://www.kb.cert.org/vuls/id/940439 | third-party-advisory, x_refsource_CERT-VN |
https://access.redhat.com/errata/RHSA-2018:0377 | vendor-advisory, x_refsource_REDHAT |
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:44.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "name": "103105", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt" }, { "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "name": "VU#940439", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "name": "RHSA-2018:0377", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0377" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bgpd", "vendor": "Quagga", "versions": [ { "lessThan": "1.2.3", "status": "affected", "version": "bpgd", "versionType": "custom" } ] } ], "datePublic": "2018-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The 
Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-415", "description": "CWE-415: Double Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-09T12:06:06", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "USN-3573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "name": "103105", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt" }, { "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "name": "VU#940439", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" 
], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "name": "RHSA-2018:0377", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0377" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2018-02-15T00:00:00.000Z", "ID": "CVE-2018-5379", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bgpd", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_name": "bpgd", "version_value": "1.2.3" } ] } } ] }, "vendor_name": "Quagga" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code." 
} ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-415: Double Free" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3573-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4115" }, { "name": "103105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103105" }, { "name": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095", "refsource": "CONFIRM", "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt", "refsource": "CONFIRM", "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt" }, { "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "name": "VU#940439", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/940439" }, { "name": "RHSA-2018:0377", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0377" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", 
"assignerShortName": "certcc", "cveId": "CVE-2018-5379", "datePublished": "2018-02-19T13:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-17T03:22:36.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0249
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://rhn.redhat.com/errata/RHSA-2012-1259.html | vendor-advisory, x_refsource_REDHAT |
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html | vendor-advisory, x_refsource_FEDORA |
http://www.debian.org/security/2012/dsa-2459 | vendor-advisory, x_refsource_DEBIAN |
http://www.kb.cert.org/vuls/id/551715 | third-party-advisory, x_refsource_CERT-VN |
https://bugzilla.quagga.net/show_bug.cgi?id=705 | x_refsource_CONFIRM |
http://secunia.com/advisories/48949 | third-party-advisory, x_refsource_SECUNIA |
http://rhn.redhat.com/errata/RHSA-2012-1258.html | vendor-advisory, x_refsource_REDHAT |
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html | vendor-advisory, x_refsource_FEDORA |
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:16:19.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "FEDORA-2012-5411", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "name": "DSA-2459", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2459" }, { "name": "VU#551715", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" }, { "name": "48949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48949" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "FEDORA-2012-5436", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "name": "FEDORA-2012-5352", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga 
before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-17T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "FEDORA-2012-5411", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "name": "DSA-2459", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2459" }, { "name": "VU#551715", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/551715" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" }, { "name": "48949", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48949" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "FEDORA-2012-5436", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "name": "FEDORA-2012-5352", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-0249", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { 
"version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2012:1259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "FEDORA-2012-5411", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" }, { "name": "DSA-2459", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2459" }, { "name": "VU#551715", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/551715" }, { "name": "https://bugzilla.quagga.net/show_bug.cgi?id=705", "refsource": "CONFIRM", "url": "https://bugzilla.quagga.net/show_bug.cgi?id=705" }, { "name": "48949", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48949" }, { "name": "RHSA-2012:1258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "FEDORA-2012-5436", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" }, { "name": "FEDORA-2012-5352", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-0249", "datePublished": "2012-04-05T10:00:00", "dateReserved": 
"2011-12-21T00:00:00", "dateUpdated": "2024-08-06T18:16:19.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5521
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://security-tracker.debian.org/tracker/CVE-2012-5521 | x_refsource_MISC |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5521 | x_refsource_MISC |
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5521 | x_refsource_MISC |
https://access.redhat.com/security/cve/cve-2012-5521 | x_refsource_MISC |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80096 | x_refsource_MISC |
http://www.openwall.com/lists/oss-security/2012/11/13/14 | x_refsource_MISC |
http://www.securityfocus.com/bid/56530 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5521" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5521" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5521" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2012-5521" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80096" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/13/14" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56530" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "quagga", "vendor": "quagga", "versions": [ { "status": "affected", "version": "0.99.21" } ] } ], "descriptions": [ { "lang": "en", "value": "quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal" } ], "problemTypes": [ { "descriptions": [ { "description": "UNKNOWN_TYPE", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-25T13:15:50", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5521" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5521" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5521" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2012-5521" }, { "tags": [ 
"x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80096" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/13/14" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/56530" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5521", "datePublished": "2019-11-25T13:15:50", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2342
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.securityfocus.com/bid/84318 | vdb-entry, x_refsource_BID |
http://rhn.redhat.com/errata/RHSA-2017-0794.html | vendor-advisory, x_refsource_REDHAT |
http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html | vendor-advisory, x_refsource_SUSE |
http://www.debian.org/security/2016/dsa-3532 | vendor-advisory, x_refsource_DEBIAN |
http://www.kb.cert.org/vuls/id/270232 | third-party-advisory, x_refsource_CERT-VN |
http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442 | x_refsource_CONFIRM |
https://security.gentoo.org/glsa/201610-03 | vendor-advisory, x_refsource_GENTOO |
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | x_refsource_CONFIRM |
http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html | vendor-advisory, x_refsource_SUSE |
http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt | x_refsource_CONFIRM |
http://www.ubuntu.com/usn/USN-2941-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "84318", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/84318" }, { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "openSUSE-SU-2016:0863", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html" }, { "name": "DSA-3532", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3532" }, { "name": "VU#270232", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/270232" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442" }, { "name": "GLSA-201610-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201610-03" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "openSUSE-SU-2016:0888", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt" }, { "name": "USN-2941-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2941-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2016-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "84318", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/84318" }, { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "openSUSE-SU-2016:0863", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html" }, { "name": "DSA-3532", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3532" }, { "name": "VU#270232", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/270232" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442" }, { "name": "GLSA-201610-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201610-03" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "openSUSE-SU-2016:0888", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html" }, 
{ "tags": [ "x_refsource_CONFIRM" ], "url": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt" }, { "name": "USN-2941-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2941-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2342", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "84318", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84318" }, { "name": "RHSA-2017:0794", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "openSUSE-SU-2016:0863", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html" }, { "name": "DSA-3532", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3532" }, { "name": "VU#270232", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/270232" }, { "name": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442" }, { "name": "GLSA-201610-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-03" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "openSUSE-SU-2016:0888", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html" }, { "name": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt", "refsource": "CONFIRM", "url": "http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt" }, { "name": "USN-2941-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2941-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2342", "datePublished": "2016-03-17T14:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3327
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=94431dbc753171b48b5c6806af97fd690813b00a" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738400" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=94431dbc753171b48b5c6806af97fd690813b00a" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738400" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-3327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt", "refsource": "CONFIRM", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "https://www.cert.fi/en/reports/2011/vulnerability539178.html", "refsource": "MISC", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "http://code.quagga.net/?p=quagga.git;a=commit;h=94431dbc753171b48b5c6806af97fd690813b00a", "refsource": "CONFIRM", "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=94431dbc753171b48b5c6806af97fd690813b00a" }, { "name": "GLSA-201202-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48106" }, { "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=738400", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738400" }, { "name": "SUSE-SU-2011:1171", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-3327", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-08-29T00:00:00", "dateUpdated": "2024-08-06T23:29:56.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3324
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=09395e2a0e93b2cf4258cb1de91887948796bb68" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48106" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=09395e2a0e93b2cf4258cb1de91887948796bb68" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48106" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-3324", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt", "refsource": "CONFIRM", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "http://code.quagga.net/?p=quagga.git;a=commit;h=09395e2a0e93b2cf4258cb1de91887948796bb68", "refsource": "CONFIRM", "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=09395e2a0e93b2cf4258cb1de91887948796bb68" }, { "name": "DSA-2316", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "https://www.cert.fi/en/reports/2011/vulnerability539178.html", "refsource": "MISC", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48106" }, { "name": "SUSE-SU-2011:1171", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-3324", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-08-29T00:00:00", "dateUpdated": "2024-08-06T23:29:56.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44038
Vulnerability from cvelistv5
URL | Tags
---|---
https://bugzilla.suse.com/show_bug.cgi?id=1191890 | x_refsource_MISC
https://github.com/Quagga/quagga/releases | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1191890" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Quagga/quagga/releases" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-19T18:29:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1191890" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Quagga/quagga/releases" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44038", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1191890", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1191890" }, { "name": "https://github.com/Quagga/quagga/releases", "refsource": "MISC", "url": "https://github.com/Quagga/quagga/releases" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44038", "datePublished": "2021-11-19T18:29:55", "dateReserved": "2021-11-19T00:00:00", "dateUpdated": "2024-08-04T04:10:17.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4826
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:08:33.741Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "quagga-bgpd-dos(36551)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://quagga.net/news2.php?y=2007\u0026m=9\u0026d=7#id1189190760" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/download/quagga-0.99.9.changelog.txt" }, { "name": "ADV-2008-1195", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "name": "26744", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26744" }, { "name": "236141", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "name": "ADV-2007-3129", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3129" }, { "name": "26863", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26863" }, { "name": "2007-0028", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2007/0028/" }, { "name": "FEDORA-2007-2196", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml" }, { "name": "29743", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29743" }, { "name": "26829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26829" }, { "name": 
"RHSA-2010:0785", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html" }, { "name": "USN-512-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-512-1" }, { "name": "MDKSA-2007:182", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:182" }, { "name": "DSA-1382", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1382" }, { "name": "25634", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25634" }, { "name": "[debian-security-announce] 20071003 [SECURITY] [DSA 1379-1] New quagga packages fix denial of service", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html" }, { "name": "27049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27049" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "quagga-bgpd-dos(36551)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://quagga.net/news2.php?y=2007\u0026m=9\u0026d=7#id1189190760" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/download/quagga-0.99.9.changelog.txt" }, { "name": "ADV-2008-1195", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1195/references" }, { "name": "26744", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26744" }, { "name": "236141", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1" }, { "name": "ADV-2007-3129", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3129" }, { "name": "26863", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26863" }, { "name": "2007-0028", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2007/0028/" }, { "name": "FEDORA-2007-2196", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://fedoranews.org/updates/FEDORA-2007-219.shtml" }, { "name": "29743", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29743" }, { "name": "26829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26829" }, { "name": "RHSA-2010:0785", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0785.html" }, { 
"name": "USN-512-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-512-1" }, { "name": "MDKSA-2007:182", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:182" }, { "name": "DSA-1382", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1382" }, { "name": "25634", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25634" }, { "name": "[debian-security-announce] 20071003 [SECURITY] [DSA 1379-1] New quagga packages fix denial of service", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00153.html" }, { "name": "27049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27049" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4826", "datePublished": "2007-09-12T10:00:00", "dateReserved": "2007-09-11T00:00:00", "dateUpdated": "2024-08-07T15:08:33.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16227
Vulnerability from cvelistv5
URL | Tags
---|---
https://bugs.debian.org/879474 | x_refsource_MISC
http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt | x_refsource_MISC
http://www.debian.org/security/2017/dsa-4011 | vendor-advisory, x_refsource_DEBIAN
https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008 | x_refsource_MISC
https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:20:04.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/879474" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt" }, { "name": "DSA-4011", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-4011" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/879474" }, { "tags": [ "x_refsource_MISC" ], "url": "http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt" }, { "name": "DSA-4011", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-4011" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16227", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.debian.org/879474", "refsource": "MISC", "url": "https://bugs.debian.org/879474" }, { "name": "http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt", "refsource": "MISC", "url": "http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt" }, { "name": "DSA-4011", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-4011" }, { "name": "https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008", "refsource": "MISC", "url": "https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008" }, { "name": "https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html", "refsource": "MISC", "url": "https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16227", "datePublished": "2017-10-29T20:00:00", "dateReserved": "2017-10-29T00:00:00", "dateUpdated": "2024-08-05T20:20:04.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2223
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:28.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2006:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "name": "USN-284-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/284-1/" }, { "name": "quagga-ripv1-information-disclosure(26243)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243" }, { "name": "20782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20782" }, { "name": "20138", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20138" }, { "name": "20060503 Re: Quagga RIPD unauthenticated route injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded" }, { "name": "20421", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20421" }, { "name": "20060602-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "name": "25224", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25224" }, { "name": "RHSA-2006:0525", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "name": "20137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20137" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://bugzilla.quagga.net/show_bug.cgi?id=261" }, { "name": "1016204", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016204" }, { "name": "19910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19910" }, { "name": "oval:org.mitre.oval:def:9985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985" }, { "name": "17808", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17808" }, { "name": "RHSA-2006:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "name": "GLSA-200605-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "name": "21159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21159" }, { "name": "20060503 Quagga RIPD unauthenticated route table broadcast", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded" }, { "name": "DSA-1059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1059" }, { "name": "20221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20221" }, { "name": "20420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2006-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2006:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "name": "USN-284-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/284-1/" }, { "name": "quagga-ripv1-information-disclosure(26243)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243" }, { "name": "20782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20782" }, { "name": "20138", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20138" }, { "name": "20060503 Re: Quagga RIPD unauthenticated route injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded" }, { "name": "20421", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20421" }, { "name": "20060602-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "name": "25224", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25224" }, { "name": "RHSA-2006:0525", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "name": "20137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20137" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261" }, { "name": "1016204", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016204" }, { "name": "19910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19910" }, { "name": "oval:org.mitre.oval:def:9985", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985" }, { "name": "17808", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17808" }, { "name": "RHSA-2006:0533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "name": "GLSA-200605-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "name": "21159", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21159" }, { "name": "20060503 Quagga RIPD unauthenticated route table broadcast", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded" }, { "name": "DSA-1059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1059" }, { "name": "20221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20221" }, { "name": "20420", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2223", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2006:017", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_17_sr.html" }, { "name": "USN-284-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/284-1/" }, { "name": "quagga-ripv1-information-disclosure(26243)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26243" }, { "name": "20782", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20782" }, { "name": "20138", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20138" }, { "name": "20060503 Re: Quagga RIPD unauthenticated route injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432823/100/0/threaded" }, { "name": "20421", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20421" }, { "name": "20060602-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "name": "25224", "refsource": "OSVDB", "url": "http://www.osvdb.org/25224" }, { "name": "RHSA-2006:0525", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0525.html" }, { "name": "20137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20137" }, { "name": 
"http://bugzilla.quagga.net/show_bug.cgi?id=261", "refsource": "CONFIRM", "url": "http://bugzilla.quagga.net/show_bug.cgi?id=261" }, { "name": "1016204", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016204" }, { "name": "19910", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19910" }, { "name": "oval:org.mitre.oval:def:9985", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9985" }, { "name": "17808", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17808" }, { "name": "RHSA-2006:0533", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0533.html" }, { "name": "GLSA-200605-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-15.xml" }, { "name": "21159", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21159" }, { "name": "20060503 Quagga RIPD unauthenticated route table broadcast", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432822/100/0/threaded" }, { "name": "DSA-1059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1059" }, { "name": "20221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20221" }, { "name": "20420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20420" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2223", "datePublished": "2006-05-05T19:00:00", "dateReserved": "2006-05-05T00:00:00", "dateUpdated": "2024-08-07T17:43:28.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1820
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.kb.cert.org/vuls/id/962587 | third-party-advisory, x_refsource_CERT-VN |
http://rhn.redhat.com/errata/RHSA-2012-1259.html | vendor-advisory, x_refsource_REDHAT |
http://www.ubuntu.com/usn/USN-1605-1 | vendor-advisory, x_refsource_UBUNTU |
http://www.debian.org/security/2012/dsa-2497 | vendor-advisory, x_refsource_DEBIAN |
http://www.securityfocus.com/bid/53775 | vdb-entry, x_refsource_BID |
http://secunia.com/advisories/50941 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#962587", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/962587" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "USN-1605-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1605-1" }, { "name": "DSA-2497", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2497" }, { "name": "53775", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53775" }, { "name": "50941", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50941" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-07-23T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#962587", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/962587" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "USN-1605-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1605-1" }, { "name": "DSA-2497", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2497" }, { "name": "53775", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53775" }, { "name": "50941", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50941" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-1820", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#962587", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/962587" }, { "name": "RHSA-2012:1259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "USN-1605-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1605-1" }, { "name": "DSA-2497", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2497" }, { "name": "53775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53775" }, { "name": "50941", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50941" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-1820", "datePublished": "2012-06-13T15:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2024-08-06T19:08:38.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5381
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt | x_refsource_CONFIRM |
https://usn.ubuntu.com/3573-1/ | vendor-advisory, x_refsource_UBUNTU |
https://www.debian.org/security/2018/dsa-4115 | vendor-advisory, x_refsource_DEBIAN |
http://savannah.nongnu.org/forum/forum.php?forum_id=9095 | x_refsource_CONFIRM |
https://security.gentoo.org/glsa/201804-17 | vendor-advisory, x_refsource_GENTOO |
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html | mailing-list, x_refsource_MLIST |
http://www.kb.cert.org/vuls/id/940439 | third-party-advisory, x_refsource_CERT-VN |
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:44.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt" }, { "name": "USN-3573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "name": "VU#940439", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bgpd", "vendor": "Quagga", "versions": [ { "lessThan": "1.2.3", "status": "affected", "version": "bpgd", "versionType": "custom" } ] } ], "datePublic": "2018-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of \"Capabilities\" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. 
The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-228", "description": "CWE-228: Improper Handling of Syntactically Invalid Structure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-09T12:06:07", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt" }, { "name": "USN-3573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "name": "VU#940439", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/940439" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" } ], "source": { "discovery": 
"UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2018-02-15T00:00:00.000Z", "ID": "CVE-2018-5381", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bgpd", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_name": "bpgd", "version_value": "1.2.3" } ] } } ] }, "vendor_name": "Quagga" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of \"Capabilities\" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-228: Improper Handling of Syntactically Invalid Structure" } ] } ] }, "references": { "reference_data": [ { "name": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt", "refsource": "CONFIRM", "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt" }, { "name": "USN-3573-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4115" }, { "name": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095", "refsource": "CONFIRM", 
"url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html" }, { "name": "VU#940439", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/940439" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2018-5381", "datePublished": "2018-02-19T13:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-16T16:17:27.709Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3326
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", 
"x_transferred" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=6b161fc12a15aba8824c84d1eb38e529aaf70769" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=6b161fc12a15aba8824c84d1eb38e529aaf70769" }, { "name": "SUSE-SU-2011:1171", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-3326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt", "refsource": "CONFIRM", "url": "http://www.quagga.net/download/quagga-0.99.19.changelog.txt" }, { "name": "VU#668534", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/668534" }, { "name": "DSA-2316", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2316" }, { "name": "RHSA-2012:1259", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html" }, { "name": "https://www.cert.fi/en/reports/2011/vulnerability539178.html", "refsource": "MISC", "url": "https://www.cert.fi/en/reports/2011/vulnerability539178.html" }, { "name": "46139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46139" }, { "name": "SUSE-SU-2011:1075", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html" }, { "name": "openSUSE-SU-2011:1155", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html" }, { "name": "GLSA-201202-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201202-02.xml" }, { "name": "RHSA-2012:1258", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html" }, { "name": "SUSE-SU-2011:1316", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html" }, { "name": "46274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46274" }, { "name": "48106", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48106" }, { "name": "http://code.quagga.net/?p=quagga.git;a=commit;h=6b161fc12a15aba8824c84d1eb38e529aaf70769", "refsource": "CONFIRM", "url": "http://code.quagga.net/?p=quagga.git;a=commit;h=6b161fc12a15aba8824c84d1eb38e529aaf70769" }, { "name": "SUSE-SU-2011:1171", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-3326", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-08-29T00:00:00", "dateUpdated": "2024-08-06T23:29:56.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4049
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://rhn.redhat.com/errata/RHSA-2017-0794.html | vendor-advisory, x_refsource_REDHAT |
https://security.gentoo.org/glsa/201701-48 | vendor-advisory, x_refsource_GENTOO |
http://www.securitytracker.com/id/1035699 | vdb-entry, x_refsource_SECTRACK |
http://www.openwall.com/lists/oss-security/2016/04/27/7 | mailing-list, x_refsource_MLIST |
http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html | vendor-advisory, x_refsource_SUSE |
https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html | mailing-list, x_refsource_MLIST |
http://www.securityfocus.com/bid/88561 | vdb-entry, x_refsource_BID |
https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html | mailing-list, x_refsource_MLIST |
http://www.debian.org/security/2016/dsa-3654 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:17:30.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "GLSA-201701-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-48" }, { "name": "1035699", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035699" }, { "name": "[oss-security] 20160427 CVE-2016-4049: Denial of Service Vulnerability in Quagga BGP Routing Daemon (bgpd)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/27/7" }, { "name": "openSUSE-SU-2016:1313", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html" }, { "name": "[quagga-dev] 20160125 [quagga-dev 14619] SIGABRT while dumping BGP routes (bgpd)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html" }, { "name": "88561", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/88561" }, { "name": "[quagga-dev] 20160203 [quagga-dev 14663] Re: SIGABRT while dumping BGP routes (bgpd)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html" }, { "name": "DSA-3654", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3654" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } 
], "datePublic": "2016-01-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2017:0794", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "GLSA-201701-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-48" }, { "name": "1035699", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035699" }, { "name": "[oss-security] 20160427 CVE-2016-4049: Denial of Service Vulnerability in Quagga BGP Routing Daemon (bgpd)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/27/7" }, { "name": "openSUSE-SU-2016:1313", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html" }, { "name": "[quagga-dev] 20160125 [quagga-dev 14619] SIGABRT while dumping BGP routes (bgpd)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html" }, { "name": "88561", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/88561" }, { "name": "[quagga-dev] 20160203 [quagga-dev 14663] Re: SIGABRT while dumping BGP routes (bgpd)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html" }, { "name": "DSA-3654", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3654" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-4049", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:0794", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0794.html" }, { "name": "GLSA-201701-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-48" }, { "name": "1035699", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035699" }, { "name": "[oss-security] 20160427 CVE-2016-4049: Denial of Service Vulnerability in Quagga BGP Routing Daemon (bgpd)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/27/7" }, { "name": "openSUSE-SU-2016:1313", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html" }, { "name": "[quagga-dev] 20160125 [quagga-dev 14619] SIGABRT while dumping BGP routes (bgpd)", "refsource": "MLIST", "url": "https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html" }, { "name": "88561", "refsource": "BID", "url": "http://www.securityfocus.com/bid/88561" }, { "name": "[quagga-dev] 20160203 [quagga-dev 14663] Re: SIGABRT while dumping BGP routes (bgpd)", "refsource": "MLIST", "url": 
"https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html" }, { "name": "DSA-3654", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3654" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-4049", "datePublished": "2016-05-23T19:00:00", "dateReserved": "2016-04-20T00:00:00", "dateUpdated": "2024-08-06T00:17:30.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5378
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt | x_refsource_CONFIRM |
https://usn.ubuntu.com/3573-1/ | vendor-advisory, x_refsource_UBUNTU |
https://www.debian.org/security/2018/dsa-4115 | vendor-advisory, x_refsource_DEBIAN |
http://savannah.nongnu.org/forum/forum.php?forum_id=9095 | x_refsource_CONFIRM |
https://security.gentoo.org/glsa/201804-17 | vendor-advisory, x_refsource_GENTOO |
http://www.kb.cert.org/vuls/id/940439 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:44.377Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt" }, { "name": "USN-3573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "VU#940439", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/940439" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "bgpd", "vendor": "Quagga", "versions": [ { "lessThan": "1.2.3", "status": "affected", "version": "bpgd", "versionType": "custom" } ] } ], "datePublic": "2018-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-21T09:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt" }, { "name": "USN-3573-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4115" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "VU#940439", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/940439" } ], "source": { "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2018-02-15T00:00:00.000Z", "ID": "CVE-2018-5378", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "bgpd", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_name": "bpgd", "version_value": "1.2.3" } ] } } ] }, "vendor_name": "Quagga" } ] } }, "data_format": "MITRE", 
"data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] } ] }, "references": { "reference_data": [ { "name": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt", "refsource": "CONFIRM", "url": "https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt" }, { "name": "USN-3573-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3573-1/" }, { "name": "DSA-4115", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4115" }, { "name": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095", "refsource": "CONFIRM", "url": "http://savannah.nongnu.org/forum/forum.php?forum_id=9095" }, { "name": "GLSA-201804-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-17" }, { "name": "VU#940439", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/940439" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2018-5378", "datePublished": "2018-02-19T13:00:00Z", "dateReserved": "2018-01-12T00:00:00", 
"dateUpdated": "2024-09-16T20:16:44.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }