Vulnerabilities > CVE-2011-3327 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quagga
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_3_QUAGGA-111013.NASL description This update fixes the following security issues : - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa (CVE-2011-3323) - 718058: OSPF6D DoS while decoding Database Description packet (CVE-2011-3324) - 718059: OSPFD DoS while decoding Hello packet (CVE-2011-3325) - 718061: OSPFD DoS while decoding Link State Update (CVE-2011-3326) - 718062: DoS while decoding EXTENDED_COMMUNITIES in Quagga last seen 2020-06-01 modified 2020-06-02 plugin id 75723 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75723 title openSUSE Security Update : quagga (openSUSE-SU-2011:1155-1) NASL family Fedora Local Security Checks NASL id FEDORA_2011-13504.NASL description fixes CVE-2011-332{3..7} update to latest upstream 0.99.20 fixes memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56540 published 2011-10-19 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56540 title Fedora 15 : quagga-0.99.20-2.fc15 (2011-13504) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1259.NASL description From Red Hat Security Advisory 2012:1259 : Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68618 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68618 title Oracle Linux 6 : quagga (ELSA-2012-1259) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_AB9BE2C8EF9111E0AD5A00215C6A37BB.NASL description CERT-FI reports : Five vulnerabilities have been found in the BGP, OSPF, and OSPFv3 components of Quagga. The vulnerabilities allow an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified packets to an affected server. Routing messages are typically accepted from the routing peers. Exploiting these vulnerabilities may require an established routing session (BGP peering or OSPF/OSPFv3 adjacency) to the router. The vulnerability CVE-2011-3327 is related to the extended communities handling in BGP messages. Receiving a malformed BGP update can result in a buffer overflow and disruption of IPv4 routing. The vulnerability CVE-2011-3326 results from the handling of LSA (Link State Advertisement) states in the OSPF service. Receiving a modified Link State Update message with malicious state information can result in denial of service in IPv4 routing. The vulnerability CVE-2011-3325 is a denial of service vulnerability related to Hello message handling by the OSPF service. As Hello messages are used to initiate adjacencies, exploiting the vulnerability may be feasible from the same broadcast domain without an established adjacency. A malformed packet may result in denial of service in IPv4 routing. The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving modified Database Description and Link State Update messages, respectively, can result in denial of service in IPv6 routing. last seen 2020-06-01 modified 2020-06-02 plugin id 56399 published 2011-10-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56399 title FreeBSD : quagga -- multiple vulnerabilities (ab9be2c8-ef91-11e0-ad5a-00215c6a37bb) NASL family Fedora Local Security Checks NASL id FEDORA_2011-13499.NASL description fixes CVE-2011-332{3..7} update to latest upstream 0.99.20 fixes memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56539 published 2011-10-19 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56539 title Fedora 14 : quagga-0.99.20-2.fc14 (2011-13499) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1258.NASL description Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A NULL pointer dereference flaw was found in the way the bgpd daemon processed malformed route Extended Communities attributes. A configured BGP peer could crash bgpd on a target system via a specially crafted BGP message. (CVE-2010-1674) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249 and CVE-2012-0250. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 62069 published 2012-09-13 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62069 title RHEL 5 : quagga (RHSA-2012:1258) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1259.NASL description Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 62070 published 2012-09-13 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62070 title RHEL 6 : quagga (RHSA-2012:1259) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1258.NASL description Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A NULL pointer dereference flaw was found in the way the bgpd daemon processed malformed route Extended Communities attributes. A configured BGP peer could crash bgpd on a target system via a specially crafted BGP message. (CVE-2010-1674) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249 and CVE-2012-0250. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 62066 published 2012-09-13 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62066 title CentOS 5 : quagga (CESA-2012:1258) NASL family SuSE Local Security Checks NASL id SUSE_QUAGGA-7767.NASL description This update fixes the following security issues : - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa. (CVE-2011-3323) - 718058: OSPF6D DoS while decoding Database Description packet. (CVE-2011-3324) - 718059: OSPFD DoS while decoding Hello packet. (CVE-2011-3325) - 718061: OSPFD DoS while decoding Link State Update. (CVE-2011-3326) - 718062: DoS while decoding EXTENDED_COMMUNITIES in Quagga last seen 2020-06-01 modified 2020-06-02 plugin id 56615 published 2011-10-24 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56615 title SuSE 10 Security Update : quagga (ZYPP Patch Number 7767) NASL family Scientific Linux Local Security Checks NASL id SL_20120912_QUAGGA_ON_SL5_X.NASL description A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A NULL pointer dereference flaw was found in the way the bgpd daemon processed malformed route Extended Communities attributes. A configured BGP peer could crash bgpd on a target system via a specially crafted BGP message. (CVE-2010-1674) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) We would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges Riku Hietamki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249 and CVE-2012-0250. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. last seen 2020-03-18 modified 2012-09-14 plugin id 62094 published 2012-09-14 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62094 title Scientific Linux Security Update : quagga on SL5.x i386/x86_64 (20120912) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2316.NASL description Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon : - CVE-2011-3323 A stack-based buffer overflow while decoding Link State Update packets with a malformed Inter Area Prefix LSA can cause the ospf6d process to crash or (potentially) execute arbitrary code. - CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. - CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. - CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. - CVE-2011-3327 A heap-based buffer overflow while processing BGP UPDATE messages containing an Extended Communities path attribute can cause the bgpd process to crash or (potentially) execute arbitrary code. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. In contrast, the BGP UPDATE messages could be propagated by some routers. last seen 2020-03-17 modified 2011-10-06 plugin id 56394 published 2011-10-06 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56394 title Debian DSA-2316-1 : quagga - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_QUAGGA-110921.NASL description This update fixes the following security issues : - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa. (CVE-2011-3323) - 718058: OSPF6D DoS while decoding Database Description packet. (CVE-2011-3324) - 718059: OSPFD DoS while decoding Hello packet. (CVE-2011-3325) - 718061: OSPFD DoS while decoding Link State Update. (CVE-2011-3326) - 718062: DoS while decoding EXTENDED_COMMUNITIES in Quagga last seen 2020-06-01 modified 2020-06-02 plugin id 57132 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57132 title SuSE 11.1 Security Update : quagga (SAT Patch Number 5169) NASL family SuSE Local Security Checks NASL id SUSE_QUAGGA-7768.NASL description This update fixes the following security issues : - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa. (CVE-2011-3323) - 718058: OSPF6D DoS while decoding Database Description packet. (CVE-2011-3324) - 718059: OSPFD DoS while decoding Hello packet. (CVE-2011-3325) - 718061: OSPFD DoS while decoding Link State Update. (CVE-2011-3326) - 718062: DoS while decoding EXTENDED_COMMUNITIES in Quagga last seen 2020-06-01 modified 2020-06-02 plugin id 57250 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57250 title SuSE 10 Security Update : quagga (ZYPP Patch Number 7768) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1258.NASL description From Red Hat Security Advisory 2012:1258 : Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A NULL pointer dereference flaw was found in the way the bgpd daemon processed malformed route Extended Communities attributes. A configured BGP peer could crash bgpd on a target system via a specially crafted BGP message. (CVE-2010-1674) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249 and CVE-2012-0250. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68617 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68617 title Oracle Linux 5 : quagga (ELSA-2012-1258) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1261-1.NASL description Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2011-3323) Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2011-3324) Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv4 packets. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2011-3325) Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled invalid Link State Advertisement (LSA) types. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. (CVE-2011-3326) Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could use this flaw to cause Quagga to crash, or possibly execute arbitrary code. (CVE-2011-3327). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56853 published 2011-11-16 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56853 title Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : quagga vulnerabilities (USN-1261-1) NASL family Scientific Linux Local Security Checks NASL id SL_20120912_QUAGGA_ON_SL6_X.NASL description A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) We would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. last seen 2020-03-18 modified 2012-09-14 plugin id 62095 published 2012-09-14 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62095 title Scientific Linux Security Update : quagga on SL6.x i386/x86_64 (20120912) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1259.NASL description Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 62081 published 2012-09-14 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62081 title CentOS 6 : quagga (CESA-2012:1259) NASL family Misc. NASL id QUAGGA_0_99_19.NASL description According to its self-reported version number, the installation of Quagga listening on the remote host is affected by multiple vulnerabilities : - A denial of service vulnerability in OSPF6D can be triggered by a specially crafted Link Status Update message with an invalid IPv6 prefix length. (CVE-2011-3323) - A denial of service vulnerability in OSPF6D can be triggered by a specially crafted IPv6 Database Description message with trailing zero values in the Link State Advertisement header list. (CVE-2011-3324) - A denial of service vulnerability in OSPFD can be triggered by a 0x0A type field in an IPv4 packet header or a truncated IPv4 Hello packet. (CVE-2011-3325) - A denial of service vulnerability in OSPFD can be triggered by a specially crafted IPv4 Link State Update message with an invalid Link State Advertisement type. (CVE-2011-3326) - A heap-based buffer overflow in BGPD can be triggered by a specially crafted UPDATE message over IPv4. (CVE-2011-3326) last seen 2020-06-01 modified 2020-06-02 plugin id 59790 published 2012-06-29 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59790 title Quagga < 0.99.19 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_QUAGGA-110920.NASL description This update fixes the following security issues : - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa. (CVE-2011-3323) - 718058: OSPF6D DoS while decoding Database Description packet. (CVE-2011-3324) - 718059: OSPFD DoS while decoding Hello packet. (CVE-2011-3325) - 718061: OSPFD DoS while decoding Link State Update. (CVE-2011-3326) - 718062: DoS while decoding EXTENDED_COMMUNITIES in Quagga last seen 2020-06-01 modified 2020-06-02 plugin id 57131 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57131 title SuSE 11.1 Security Update : quagga (SAT Patch Number 5169) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201202-02.NASL description The remote host is affected by the vulnerability described in GLSA-201202-02 (Quagga: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact : A BGP peer could send a Route-Refresh message with specially crafted ORF record, which can cause Quagga last seen 2020-06-01 modified 2020-06-02 plugin id 58081 published 2012-02-22 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58081 title GLSA-201202-02 : Quagga: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2011-13492.NASL description fixes CVE-2011-332{3..7} update to latest upstream 0.99.20 fixes memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56538 published 2011-10-19 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56538 title Fedora 16 : quagga-0.99.20-2.fc16 (2011-13492) NASL family SuSE Local Security Checks NASL id SUSE_11_4_QUAGGA-111013.NASL description This update fixes the following security issues : - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa (CVE-2011-3323) - 718058: OSPF6D DoS while decoding Database Description packet (CVE-2011-3324) - 718059: OSPFD DoS while decoding Hello packet (CVE-2011-3325) - 718061: OSPFD DoS while decoding Link State Update (CVE-2011-3326) - 718062: DoS while decoding EXTENDED_COMMUNITIES in Quagga last seen 2020-06-01 modified 2020-06-02 plugin id 76007 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76007 title openSUSE Security Update : quagga (openSUSE-SU-2011:1155-1)
Redhat
advisories |
| ||||||||
rpms |
|
References
- https://www.cert.fi/en/reports/2011/vulnerability539178.html
- http://www.quagga.net/download/quagga-0.99.19.changelog.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=738400
- http://www.debian.org/security/2011/dsa-2316
- http://www.kb.cert.org/vuls/id/668534
- http://secunia.com/advisories/46139
- http://secunia.com/advisories/46274
- http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
- http://rhn.redhat.com/errata/RHSA-2012-1258.html
- http://rhn.redhat.com/errata/RHSA-2012-1259.html
- http://security.gentoo.org/glsa/glsa-201202-02.xml
- http://secunia.com/advisories/48106
- http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=94431dbc753171b48b5c6806af97fd690813b00a