Red Hat Security Advisory 2012-1259-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.
37b20bb55b5cac2a78ef3d512a2dcd040a9fa6e30e2802150f11501eda2c1742Red Hat Security Advisory 2012-1258-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.
e7c3357cb6c8f7846df113bcf13f4689158037c3437cb2228958e385d53137beGentoo Linux Security Advisory 201202-2 - Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code. Versions less than 0.99.20 are affected.
b8876c9ae50f95f261a5d9e36d175f49669c64dc3f0cceabc82a13bd6ce2da34Ubuntu Security Notice 1261-1 - Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.
cc237894f9fe5dc28a82da6bb1a9a41d11c6b4d9e54b5633e6166b3666d5a430Debian Linux Security Advisory 2316-1 - Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon.
226eeb090aa5146956e6b044b5a8e27c4ae8962d7002eb3d05759fccd255ed83
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed