REDHAT-BUG-626783: Buffer Overflow
First published: Tue Aug 24 2010(Updated: )
A stack buffer overflow flaw was found in the way Quagga's bgpd daemon processed Route-Refresh messages. A configured Border Gateway Protocol (BGP) peer could send a Route-Refresh message with specially-crafted Outbound Route Filtering (ORF) record, which would cause the master BGP daemon (bgpd) to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. Upstream changeset: [1] <a href="http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3">http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3</a> References: [2] <a href="http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100">http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100</a> CVE request: [3] <a href="http://www.openwall.com/lists/oss-security/2010/08/24/3">http://www.openwall.com/lists/oss-security/2010/08/24/3</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quagga Routing Software Suite |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3
- http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100
- http://www.openwall.com/lists/oss-security/2010/08/24/3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=628981
- http://www.redhat.com/security/updates/errata
- https://rhn.redhat.com/errata/RHSA-2010-0785.html
- https://rhn.redhat.com/errata/RHSA-2010-0945.html
- https://bugzilla.redhat.com/show_bug.cgi?id=626783
Frequently Asked Questions
What is the severity of REDHAT-BUG-626783?
The severity of REDHAT-BUG-626783 is categorized as critical due to the potential for remote code execution caused by a stack buffer overflow.
How do I fix REDHAT-BUG-626783?
To fix REDHAT-BUG-626783, you should update Quagga to the latest patched version to mitigate the buffer overflow vulnerability.
What systems are affected by REDHAT-BUG-626783?
The systems affected by REDHAT-BUG-626783 include installations of Quagga’s bgpd daemon that handle BGP route-refresh messages.
What is a stack buffer overflow in REDHAT-BUG-626783?
In the context of REDHAT-BUG-626783, a stack buffer overflow occurs when the bgpd daemon improperly processes specially-crafted Route-Refresh messages, leading to memory corruption.
Can REDHAT-BUG-626783 lead to data breaches?
Yes, if exploited, REDHAT-BUG-626783 could potentially allow an attacker to execute arbitrary code, leading to unauthorized access and data breaches.
- collector/redhat-bugzilla
- alias/CVE-2010-2948
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/quagga
- canonical/quagga routing software suite