| Revision Date: | 2014-06-23 | Version: | 20 |
| Title: | DSA-2316-1 quagga -- several |
| Description: | Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon: CVE-2011-3323 A stack-based buffer overflow while decoding Link State Update packets with a malformed Inter Area Prefix LSA can cause the ospf6d process to crash or execute arbitrary code. CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. CVE-2011-3327 A heap-based buffer overflow while processing BGP UPDATE messages containing an Extended Communities path attribute can cause the bgpd process to crash or execute arbitrary code. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. In contrast, the BGP UPDATE messages could be propagated by some routers. |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2011-3323
CVE-2011-3324
CVE-2011-3325
CVE-2011-3326
CVE-2011-3327
DSA-2316-1
|
| Platform(s): | Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
| Product(s): | quagga
|
| Definition Synopsis |
| Release section Debian GNU/Linux 5.0 is installed
AND Installed architecture is all
AND quagga DPKG is earlier than 0.99.10-1lenny6
OR Release section
Debian 6.0 is installed
AND GNU/Linux or GNU/kFreeBSD kernel
Debian GNU/Linux is installed
OR Debian GNU/kFreeBSD is installed
AND Installed architecture is all
AND quagga DPKG is earlier than 0.99.17-2+squeeze3
|