What is the severity of CVE-2010-2948?

CVE-2010-2948 is considered a high severity vulnerability due to its potential for a stack buffer overflow leading to code execution.

How do I fix CVE-2010-2948?

To fix CVE-2010-2948, upgrade Quagga to the latest version that addresses this vulnerability.

What versions of Quagga are affected by CVE-2010-2948?

CVE-2010-2948 affects multiple Quagga versions including 0.95, 0.96, 0.97.0, 0.98.0, and up to 0.99.16.

What kind of attack could exploit CVE-2010-2948?

An attacker could exploit CVE-2010-2948 by sending a crafted Route-Refresh message to trigger a buffer overflow in the bgpd daemon.

Is there a risk of data leakage with CVE-2010-2948?

Yes, CVE-2010-2948 may lead to data leakage or unauthorized access due to a successful exploit on the affected Quagga implementations.

Vulnerability/
CVE-2010-2948

medium

6.5

CWE

119

24/8/2010

10/9/2010

13/2/2023

CVE-2010-2948: Buffer Overflow

First published: Tue Aug 24 2010(Updated: )

A stack buffer overflow flaw was found in the way Quagga's bgpd daemon processed Route-Refresh messages. A configured Border Gateway Protocol (BGP) peer could send a Route-Refresh message with specially-crafted Outbound Route Filtering (ORF) record, which would cause the master BGP daemon (bgpd) to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. Upstream changeset: [1] <a href="http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3">http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3</a> References: [2] <a href="http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100">http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100</a> CVE request: [3] <a href="http://www.openwall.com/lists/oss-security/2010/08/24/3">http://www.openwall.com/lists/oss-security/2010/08/24/3</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Quagga Routing Software Suite	=0.99.11
Quagga Routing Software Suite	=0.99.2
Quagga Routing Software Suite	=0.97.5
Quagga Routing Software Suite	=0.95
Quagga Routing Software Suite	=0.98.3
Quagga Routing Software Suite	=0.96.3
Quagga Routing Software Suite	=0.99.4
Quagga Routing Software Suite	=0.99.7
Quagga Routing Software Suite	=0.99.14
Quagga Routing Software Suite	=0.99.5
Quagga Routing Software Suite	=0.96.5
Quagga Routing Software Suite	=0.98.0
Quagga Routing Software Suite	<=0.99.16
Quagga Routing Software Suite	=0.96.1
Quagga Routing Software Suite	=0.98.1
Quagga Routing Software Suite	=0.96.4
Quagga Routing Software Suite	=0.98.5
Quagga Routing Software Suite	=0.97.3
Quagga Routing Software Suite	=0.99.3
Quagga Routing Software Suite	=0.99.13
Quagga Routing Software Suite	=0.99.6
Quagga Routing Software Suite	=0.98.6
Quagga Routing Software Suite	=0.97.4
Quagga Routing Software Suite	=0.98.4
Quagga Routing Software Suite	=0.99.12
Quagga Routing Software Suite	=0.98.2
Quagga Routing Software Suite	=0.97.1
Quagga Routing Software Suite	=0.97.0
Quagga Routing Software Suite	=0.96.2
Quagga Routing Software Suite	=0.99.9
Quagga Routing Software Suite	=0.99.1
Quagga Routing Software Suite	=0.97.2
Quagga Routing Software Suite	=0.99.15
Quagga Routing Software Suite	=0.99.10
Quagga Routing Software Suite	=0.99.8
Quagga Routing Software Suite	=0.96

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-2948?
CVE-2010-2948 is considered a high severity vulnerability due to its potential for a stack buffer overflow leading to code execution.
How do I fix CVE-2010-2948?
To fix CVE-2010-2948, upgrade Quagga to the latest version that addresses this vulnerability.
What versions of Quagga are affected by CVE-2010-2948?
CVE-2010-2948 affects multiple Quagga versions including 0.95, 0.96, 0.97.0, 0.98.0, and up to 0.99.16.
What kind of attack could exploit CVE-2010-2948?
An attacker could exploit CVE-2010-2948 by sending a crafted Route-Refresh message to trigger a buffer overflow in the bgpd daemon.
Is there a risk of data leakage with CVE-2010-2948?
Yes, CVE-2010-2948 may lead to data leakage or unauthorized access due to a successful exploit on the affected Quagga implementations.

collector/redhat-bugzilla
alias/CVE-2010-2948
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/tags
agent/event
agent/severity
agent/references
agent/weakness
agent/author
agent/description
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/quagga
canonical/quagga routing software suite
version/quagga routing software suite/0.99.11
version/quagga routing software suite/0.99.2
version/quagga routing software suite/0.97.5
version/quagga routing software suite/0.95
version/quagga routing software suite/0.98.3
version/quagga routing software suite/0.96.3
version/quagga routing software suite/0.99.4
version/quagga routing software suite/0.99.7
version/quagga routing software suite/0.99.14
version/quagga routing software suite/0.99.5
version/quagga routing software suite/0.96.5
version/quagga routing software suite/0.98.0
version/quagga routing software suite/0.99.16
version/quagga routing software suite/0.96.1
version/quagga routing software suite/0.98.1
version/quagga routing software suite/0.96.4
version/quagga routing software suite/0.98.5
version/quagga routing software suite/0.97.3
version/quagga routing software suite/0.99.3
version/quagga routing software suite/0.99.13
version/quagga routing software suite/0.99.6
version/quagga routing software suite/0.98.6
version/quagga routing software suite/0.97.4
version/quagga routing software suite/0.98.4
version/quagga routing software suite/0.99.12
version/quagga routing software suite/0.98.2
version/quagga routing software suite/0.97.1
version/quagga routing software suite/0.97.0
version/quagga routing software suite/0.96.2
version/quagga routing software suite/0.99.9
version/quagga routing software suite/0.99.1
version/quagga routing software suite/0.97.2
version/quagga routing software suite/0.99.15
version/quagga routing software suite/0.99.10
version/quagga routing software suite/0.99.8
version/quagga routing software suite/0.96