RHSA-2012:1259: Moderate: quagga security update

First published: Wed Sep 12 2012(Updated: )

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon<br>implements the BGP (Border Gateway Protocol) routing protocol. The Quagga<br>ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)<br>routing protocol.<br>A heap-based buffer overflow flaw was found in the way the bgpd daemon<br>processed malformed Extended Communities path attributes. An attacker could<br>send a specially-crafted BGP message, causing bgpd on a target system to<br>crash or, possibly, execute arbitrary code with the privileges of the user<br>running bgpd. The UPDATE message would have to arrive from an explicitly<br>configured BGP peer, but could have originated elsewhere in the BGP<br>network. (CVE-2011-3327)<br>A stack-based buffer overflow flaw was found in the way the ospf6d daemon<br>processed malformed Link State Update packets. An OSPF router could use<br>this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)<br>A flaw was found in the way the ospf6d daemon processed malformed link<br>state advertisements. An OSPF neighbor could use this flaw to crash<br>ospf6d on a target system. (CVE-2011-3324)<br>A flaw was found in the way the ospfd daemon processed malformed Hello<br>packets. An OSPF neighbor could use this flaw to crash ospfd on a<br>target system. (CVE-2011-3325)<br>A flaw was found in the way the ospfd daemon processed malformed link state<br>advertisements. An OSPF router in the autonomous system could use this flaw<br>to crash ospfd on a target system. (CVE-2011-3326)<br>An assertion failure was found in the way the ospfd daemon processed<br>certain Link State Update packets. An OSPF router could use this flaw to<br>cause ospfd on an adjacent router to abort. (CVE-2012-0249)<br>A buffer overflow flaw was found in the way the ospfd daemon processed<br>certain Link State Update packets. An OSPF router could use this flaw to<br>crash ospfd on an adjacent router. (CVE-2012-0250)<br>Two flaws were found in the way the bgpd daemon processed certain BGP OPEN<br>messages. A configured BGP peer could cause bgpd on a target system to<br>abort via a specially-crafted BGP OPEN message. (CVE-2012-0255,<br>CVE-2012-1820)<br>Red Hat would like to thank CERT-FI for reporting CVE-2011-3327,<br>CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the<br>CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and<br>CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka<br>Taimisto of the Codenomicon CROSS project as the original reporters of<br>CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and<br>CVE-2011-3326. The CERT/CC acknowledges Martin Winter at<br>OpenSourceRouting.org as the original reporter of CVE-2012-0249,<br>CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original<br>reporter of CVE-2012-1820.<br>Users of quagga should upgrade to these updated packages, which contain<br>backported patches to correct these issues. After installing the updated<br>packages, the bgpd, ospfd, and ospf6d daemons will be restarted<br>automatically.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2012:1259
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• package-manager/redhat