First published: Wed Sep 12 2012(Updated: )
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon<br>implements the BGP (Border Gateway Protocol) routing protocol. The Quagga<br>ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)<br>routing protocol.<br>A heap-based buffer overflow flaw was found in the way the bgpd daemon<br>processed malformed Extended Communities path attributes. An attacker could<br>send a specially-crafted BGP message, causing bgpd on a target system to<br>crash or, possibly, execute arbitrary code with the privileges of the user<br>running bgpd. The UPDATE message would have to arrive from an explicitly<br>configured BGP peer, but could have originated elsewhere in the BGP<br>network. (CVE-2011-3327)<br>A NULL pointer dereference flaw was found in the way the bgpd daemon<br>processed malformed route Extended Communities attributes. A configured<br>BGP peer could crash bgpd on a target system via a specially-crafted BGP<br>message. (CVE-2010-1674)<br>A stack-based buffer overflow flaw was found in the way the ospf6d daemon<br>processed malformed Link State Update packets. An OSPF router could use<br>this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)<br>A flaw was found in the way the ospf6d daemon processed malformed link<br>state advertisements. An OSPF neighbor could use this flaw to crash<br>ospf6d on a target system. (CVE-2011-3324)<br>A flaw was found in the way the ospfd daemon processed malformed Hello<br>packets. An OSPF neighbor could use this flaw to crash ospfd on a<br>target system. (CVE-2011-3325)<br>A flaw was found in the way the ospfd daemon processed malformed link state<br>advertisements. An OSPF router in the autonomous system could use this flaw<br>to crash ospfd on a target system. (CVE-2011-3326)<br>An assertion failure was found in the way the ospfd daemon processed<br>certain Link State Update packets. An OSPF router could use this flaw to<br>cause ospfd on an adjacent router to abort. (CVE-2012-0249)<br>A buffer overflow flaw was found in the way the ospfd daemon processed<br>certain Link State Update packets. An OSPF router could use this flaw to<br>crash ospfd on an adjacent router. (CVE-2012-0250)<br>Red Hat would like to thank CERT-FI for reporting CVE-2011-3327,<br>CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the<br>CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges<br>Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS<br>project as the original reporters of CVE-2011-3327, CVE-2011-3323,<br>CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges<br>Martin Winter at OpenSourceRouting.org as the original reporter of<br>CVE-2012-0249 and CVE-2012-0250.<br>Users of quagga should upgrade to these updated packages, which contain<br>backported patches to correct these issues. After installing the updated<br>packages, the bgpd, ospfd, and ospf6d daemons will be restarted<br>automatically.<br>
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/quagga | <0.98.6-7.el5_8.1 | 0.98.6-7.el5_8.1 |
redhat/quagga | <0.98.6-7.el5_8.1 | 0.98.6-7.el5_8.1 |
redhat/quagga-contrib | <0.98.6-7.el5_8.1 | 0.98.6-7.el5_8.1 |
redhat/quagga-debuginfo | <0.98.6-7.el5_8.1 | 0.98.6-7.el5_8.1 |
redhat/quagga-debuginfo | <0.98.6-7.el5_8.1 | 0.98.6-7.el5_8.1 |
redhat/quagga-devel | <0.98.6-7.el5_8.1 | 0.98.6-7.el5_8.1 |
redhat/quagga-devel | <0.98.6-7.el5_8.1 | 0.98.6-7.el5_8.1 |
redhat/quagga-contrib | <0.98.6-7.el5_8.1 | 0.98.6-7.el5_8.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.