[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2017-0794 -- Oracle quagga

ID: oval:org.secpod.oval:def:1501803Date: (C)2017-03-31   (M)2023-11-10
Class: PATCHFamily: unix




The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. * A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. * A denial of service flaw was found in the Quagga BGP routing daemon . Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. * A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. * A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service.

Platform:
Oracle Linux 6
Product:
quagga
Reference:
ELSA-2017-0794
CVE-2013-2236
CVE-2016-2342
CVE-2017-5495
CVE-2016-1245
CVE-2016-4049
CVE    5
CVE-2016-1245
CVE-2016-2342
CVE-2016-4049
CVE-2013-2236
...
CPE    5
cpe:/a:quagga:quagga:0.99.24
cpe:/a:quagga:quagga:0.99.22
cpe:/a:quagga:quagga:0.99.22.1
cpe:/a:quagga:quagga
...

© SecPod Technologies