Multiple vulnerabilities in quagga.net Quagga
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 |
| CWE-ID | CWE-119 CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Quagga Server applications / Other server solutions |
| Vendor | quagga.net |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU44626
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3323
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.
MitigationInstall update from vendor's website.
Vulnerable software versionsQuagga: 0.95 - 0.99.17
CPE2.3- cpe:2.3:a:quagga_net:quagga:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96.1:*:*:*:*:*:*:*
https://code.quagga.net/?p=quagga.git;a=commit;h=abc7ef44ca05493500865ce81f7b84f5c4eb6594
https://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
https://rhn.redhat.com/errata/RHSA-2012-1258.html
https://rhn.redhat.com/errata/RHSA-2012-1259.html
https://secunia.com/advisories/46139
https://secunia.com/advisories/46274
https://secunia.com/advisories/48106
https://security.gentoo.org/glsa/glsa-201202-02.xml
https://www.debian.org/security/2011/dsa-2316
https://www.kb.cert.org/vuls/id/668534
https://www.quagga.net/download/quagga-0.99.19.changelog.txt
https://www.cert.fi/en/reports/2011/vulnerability539178.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU44627
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3324
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message.
MitigationInstall update from vendor's website.
Vulnerable software versionsQuagga: 0.95 - 0.99.17
CPE2.3- cpe:2.3:a:quagga_net:quagga:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96.1:*:*:*:*:*:*:*
https://code.quagga.net/?p=quagga.git;a=commit;h=09395e2a0e93b2cf4258cb1de91887948796bb68
https://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
https://rhn.redhat.com/errata/RHSA-2012-1258.html
https://rhn.redhat.com/errata/RHSA-2012-1259.html
https://secunia.com/advisories/46139
https://secunia.com/advisories/46274
https://secunia.com/advisories/48106
https://security.gentoo.org/glsa/glsa-201202-02.xml
https://www.debian.org/security/2011/dsa-2316
https://www.kb.cert.org/vuls/id/668534
https://www.quagga.net/download/quagga-0.99.19.changelog.txt
https://www.cert.fi/en/reports/2011/vulnerability539178.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource management error
EUVDB-ID: #VU44628
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3325
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsQuagga: 0.95 - 0.99.17
CPE2.3- cpe:2.3:a:quagga_net:quagga:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96.1:*:*:*:*:*:*:*
https://code.quagga.net/?p=quagga.git;a=commit;h=61ab0301606053192f45c188bc48afc837518770
https://code.quagga.net/?p=quagga.git;a=commit;h=717750433839762d23a5f8d88fe0b4d57c8d490a
https://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
https://rhn.redhat.com/errata/RHSA-2012-1258.html
https://rhn.redhat.com/errata/RHSA-2012-1259.html
https://secunia.com/advisories/46139
https://secunia.com/advisories/46274
https://secunia.com/advisories/48106
https://security.gentoo.org/glsa/glsa-201202-02.xml
https://www.debian.org/security/2011/dsa-2316
https://www.kb.cert.org/vuls/id/668534
https://www.quagga.net/download/quagga-0.99.19.changelog.txt
https://bugzilla.redhat.com/show_bug.cgi?id=738396
https://www.cert.fi/en/reports/2011/vulnerability539178.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU44629
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3326
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message.
MitigationInstall update from vendor's website.
Vulnerable software versionsQuagga: 0.95 - 0.99.17
CPE2.3- cpe:2.3:a:quagga_net:quagga:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96.1:*:*:*:*:*:*:*
https://code.quagga.net/?p=quagga.git;a=commit;h=6b161fc12a15aba8824c84d1eb38e529aaf70769
https://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
https://rhn.redhat.com/errata/RHSA-2012-1258.html
https://rhn.redhat.com/errata/RHSA-2012-1259.html
https://secunia.com/advisories/46139
https://secunia.com/advisories/46274
https://secunia.com/advisories/48106
https://security.gentoo.org/glsa/glsa-201202-02.xml
https://www.debian.org/security/2011/dsa-2316
https://www.kb.cert.org/vuls/id/668534
https://www.quagga.net/download/quagga-0.99.19.changelog.txt
https://www.cert.fi/en/reports/2011/vulnerability539178.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU44630
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-3327
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4.
MitigationInstall update from vendor's website.
Vulnerable software versionsQuagga: 0.95 - 0.99.17
CPE2.3- cpe:2.3:a:quagga_net:quagga:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:quagga_net:quagga:0.96.1:*:*:*:*:*:*:*
https://code.quagga.net/?p=quagga.git;a=commit;h=94431dbc753171b48b5c6806af97fd690813b00a
https://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
https://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
https://rhn.redhat.com/errata/RHSA-2012-1258.html
https://rhn.redhat.com/errata/RHSA-2012-1259.html
https://secunia.com/advisories/46139
https://secunia.com/advisories/46274
https://secunia.com/advisories/48106
https://security.gentoo.org/glsa/glsa-201202-02.xml
https://www.debian.org/security/2011/dsa-2316
https://www.kb.cert.org/vuls/id/668534
https://www.quagga.net/download/quagga-0.99.19.changelog.txt
https://bugzilla.redhat.com/show_bug.cgi?id=738400
https://www.cert.fi/en/reports/2011/vulnerability539178.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
