| Alert*
oval:org.secpod.oval:def:1601252 Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service via a Link State Update packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header ...
oval:org.secpod.oval:def:700859 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701044 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:1601307 The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering capability TLV in an OPEN message.
oval:org.secpod.oval:def:89045159 This update for quagga fixes one security issue: - bsc#770619: Disallow unprivileged users to enter config directory /etc/quagga and read configuration files installed there.
oval:org.secpod.oval:def:2000572 Open Shortest Path First protocol implementations may improperly determine Link State Advertisement recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally ...
oval:org.secpod.oval:def:89045296 This update for quagga fixes the following issues: - CVE-2016-1245: Fix for a zebra stack overrun in IPv6 RA receive code.
oval:org.secpod.oval:def:33739 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:89045285 This update for quagga fixes the following security issue: - CVE-2016-2342: Quagga was extended the prefixlen check to ensure it is within the bound of the NLRI packet data and the on-stack prefix structure and the maximum size for the address family.
oval:org.secpod.oval:def:89045318 This update for quagga fixes the following issue: Security issue fixed: - CVE-2016-4049: Fix for a buffer overflow error in bgp_dump_routes_func
oval:org.secpod.oval:def:1800370 quagga is installed
oval:org.secpod.oval:def:1600840 Infinite loop issue triggered by invalid OPEN message allows denial-of-service. An infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted. Double ...
oval:org.secpod.oval:def:1800816 The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
oval:org.secpod.oval:def:600552 It has been discovered that the Quagga routing daemon contains two denial-of-service vulnerabilities in its BGP implementation: CVE-2010-1674 A crafted Extended Communities attribute triggers a null pointer dereference which causes the BGP daemon to crash. The crafted attributes are not propagated b ...
oval:org.secpod.oval:def:703037 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:600795 The recent quagga update, DSA-2459-1, introduced a memory leak in the bgpd process in some configurations.
oval:org.secpod.oval:def:600835 It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.
oval:org.secpod.oval:def:89044895 This update provides Quagga 1.1.1, which brings several fixes and enhancements. Security issues fixed: - CVE-2017-5495: Telnet "vty" interface DoS due to unbounded memory allocation. - CVE-2016-1245: Stack overrun in IPv6 RA receive code. Bug fixes: - Do not enable zebra's TCP interface to use de ...
oval:org.secpod.oval:def:703874 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:600788 Several vulnerabilities have been discovered in Quagga, a routing daemon. CVE-2012-0249 A buffer overflow in the ospf_ls_upd_list_lsa function in the OSPFv2 implementation allows remote attackers to cause a denial of service via a Link State Update packet that is smaller than the length specified ...
oval:org.secpod.oval:def:601157 Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon: CVE-2013-2236 A buffer overflow was found in the OSPF API-server. CVE-2013-6051 bgpd could be crashed through BGP updates. This only affects Wheezy/stable.
oval:org.secpod.oval:def:89002283 This update for quagga fixes the following issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon d ...
oval:org.secpod.oval:def:204760 The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * quagga: Double free v ...
oval:org.secpod.oval:def:701981 quagga is installed
oval:org.secpod.oval:def:203138 quagga is installed
oval:org.secpod.oval:def:201770 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh messages. A configured BGP peer could send a specially-crafted BGP message ...
oval:org.secpod.oval:def:201830 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh messages. A configured BGP peer could send a specially-crafted BGP message ...
oval:org.secpod.oval:def:111570 Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...
oval:org.secpod.oval:def:111576 Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...
oval:org.secpod.oval:def:204692 The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...
oval:org.secpod.oval:def:600632 Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon: CVE-2011-3323 A stack-based buffer overflow while decoding Link State Update packets with a malformed Inter Area Prefix LSA can cause the ospf6d process to crash or execute arb ...
oval:org.secpod.oval:def:500884 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path ...
oval:org.secpod.oval:def:500885 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path ...
oval:org.secpod.oval:def:500094 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A denial of service flaw was found in the way the Quagga bgpd daemon processed certain route metrics information. A BGP message with a specially-crafted path limit attribute would cause the ...
oval:org.secpod.oval:def:1503255 Updated quagga packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ...
oval:org.secpod.oval:def:202442 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path ...
oval:org.secpod.oval:def:202440 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path ...
oval:org.secpod.oval:def:500434 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh messages. A configured BGP peer could send a specially-crafted BGP message ...
oval:org.secpod.oval:def:1503528 Updated quagga packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ...
oval:org.secpod.oval:def:500298 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh messages. A configured BGP peer could send a specially-crafted BGP message ...
oval:org.secpod.oval:def:1600143 The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service via a crafted BGP update.
oval:org.secpod.oval:def:1501803 The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...
oval:org.secpod.oval:def:52745 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:1800429 The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a ...
oval:org.secpod.oval:def:602438 Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service, or potentially, execution of arbitrary code, if bgpd is configured with BGP peer ...
oval:org.secpod.oval:def:501999 The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ...
oval:org.secpod.oval:def:53166 It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.
oval:org.secpod.oval:def:51530 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:603143 It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity.
oval:org.secpod.oval:def:113501 Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS, OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...
oval:org.secpod.oval:def:113578 Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS, OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...
oval:org.secpod.oval:def:112002 Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...
oval:org.secpod.oval:def:112082 Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as ...
oval:org.secpod.oval:def:1800369 The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
oval:org.secpod.oval:def:1800405 The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
oval:org.secpod.oval:def:703312 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:51654 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:602646 It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages.
oval:org.secpod.oval:def:602595 Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. CVE-2016-4036 Tamás Németh discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance han ...
oval:org.secpod.oval:def:51648 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:703329 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:1502141 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:44095 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:114082 Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS, OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...
oval:org.secpod.oval:def:53253 Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...
oval:org.secpod.oval:def:114077 Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS, OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SSM and NHRP. Quagga is intended ...
oval:org.secpod.oval:def:703986 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:51995 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:502237 The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * quagga: Double free v ...
oval:org.secpod.oval:def:603272 Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378 It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attrib ...
oval:org.secpod.oval:def:708588 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:96444 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:97597 [CLSA-2022:1643112395] Fixed CVE-2021-44038 in quagga
oval:org.secpod.oval:def:89049577 This update for quagga fixes the following issues: * CVE-2023-38802: Fixed bad length handling in BGP attribute handling. * CVE-2023-41358: Fixed possible crash when processing NLRIs if the attribute length is zero.
oval:org.secpod.oval:def:97759 [CLSA-2023:1697817200] quagga: Fix of 2 CVEs
oval:org.secpod.oval:def:95059 quagga: BGP/OSPF/RIP routing daemon Several security issues were fixed in Quagga.
oval:org.secpod.oval:def:89049591 This update for quagga fixes the following issues: * CVE-2023-38802: Fixed bad length handling in BGP attribute handling. * CVE-2023-41358: Fixed possible crash when processing NLRIs if the attribute length is zero. |