ELSA-2017-0794 -- Oracle quaggaID: oval:org.secpod.oval:def:1501803 | Date: (C)2017-03-31 (M)2023-11-10 |
Class: PATCH | Family: unix |
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. * A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. * A denial of service flaw was found in the Quagga BGP routing daemon . Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. * A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. * A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service.