First published: Tue Oct 18 2016(Updated: )
A buffer overflow exists in the IPv6 (Router Advertisement) code in Zebra. The issue can be triggered on an IPv6 address where the Quagga daemon is reachable by a RA (Router Advertisement or IPv6 ICMP message. The issue leads to a crash of the zebra daemon. In specific circumstances this vulnerability may allow remote code execution. Upstream patch: <a href="https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546">https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546</a> References: <a href="http://www.gossamer-threads.com/lists/quagga/users/31952">http://www.gossamer-threads.com/lists/quagga/users/31952</a> Workarounds: Disable IPv6 neighbor discovery announcements on all interfaces ("ipv6 nd suppress-ra" configured under all interfaces). Make sure to have it disabled on ALL interfaces.
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/quagga | 1.2.4-3 | |
debian/quagga | <=0.99.22.4-1<=0.99.23.1-1 | 0.99.22.4-1+wheezy3+deb7u1 0.99.23.1-1+deb8u3 1.0.20160315-3 |
redhat/Quagga | <1.0.20161017 | 1.0.20161017 |
Quagga Routing Software Suite | <=1.0.20160315 | |
Debian GNU/Linux | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-1245 is classified as a high-severity vulnerability due to its potential to cause a denial-of-service condition.
To resolve CVE-2016-1245, upgrade to the patched versions of Quagga mentioned in the vulnerability details.
CVE-2016-1245 affects multiple versions of Quagga, specifically versions prior to 1.2.4-3 and those listed for Debian and Red Hat.
CVE-2016-1245 involves a buffer overflow attack triggered by IPv6 Router Advertisement messages.
Exploitation of CVE-2016-1245 can lead to crashes of the zebra daemon, resulting in a denial of service.