SB2013101009 - Gentoo update for Quagga 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2013101009

SB2013101009 - Gentoo update for Quagga

Published: October 10, 2013 Updated: September 25, 2016

Security Bulletin ID SB2013101009
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2012-0249)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.


2) Buffer overflow (CVE-ID: CVE-2012-0250)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.


3) Buffer overflow (CVE-ID: CVE-2012-0255)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).


4) Input validation error (CVE-ID: CVE-2012-1820)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.


5) Stack-based buffer overflow (CVE-ID: CVE-2013-2236)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) when processing a large LSA. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References