Vulnerability Name:

CVE-2010-2948 (CCN-61680)

Assigned:2010-08-19
Published:2010-08-19
Updated:2023-02-13
Summary:Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.4 Medium (REDHAT CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P)
4.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-121
Vulnerability Consequences:Gain Access
References:Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2010-2948

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: oss-security
CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request

Source: CCN
Type: RHSA-2010-0785
Moderate: quagga security update

Source: CCN
Type: RHSA-2010-0945
Moderate: quagga security update

Source: CCN
Type: SA41038
Quagga BGP Daemon Denial of Service and Buffer Overflow Vulnerabilities

Source: CCN
Type: SA42397
SUSE Update for Multiple Packages

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SA54223
RuggedCom Rugged Operating System Multiple Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-2104
quagga -- several vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 67394
Quagga bgp_packet.c bgp_route_refresh_receive Function Route-Refresh Message ORF Record Overflow

Source: CCN
Type: Quagga Web site
Quagga Software Routing Suite

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RuggedCom Web site
Rugged Operating system on LinuX (ROX) Release Notes v1.15.0

Source: CCN
Type: BID-42635
Quagga bgpd Route-Refresh Message Stack Buffer Overflow Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 626783
CVE-2010-2948 Quagga (bgpd): Stack buffer overflow by processing certain Route-Refresh messages

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
quagga-bgpd-bo(61680)

Source: SUSE
Type: SUSE-SR:2010:022
SUSE Security Summary Report

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
    • Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
    • Configuration RedHat 11:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
    • Configuration RedHat 12:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:quagga:quagga:0.99.17:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20102948
    V
    		CVE-2010-2948
    2022-05-20
    oval:org.opensuse.security:def:42432
    P
    		Security update for libeconf, shadow and util-linux (Moderate)
    2022-04-19
    oval:org.opensuse.security:def:31752
    P
    		Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:31751
    P
    		Security update for java-1_8_0-ibm (Important) (in QA)
    2022-01-04
    oval:org.opensuse.security:def:42223
    P
    		Security update for glibc (Moderate)
    2021-12-08
    oval:org.opensuse.security:def:26178
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:26176
    P
    		Security update for speex (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:31709
    P
    		Security update for java-1_8_0-openjdk (Important)
    2021-11-23
    oval:org.opensuse.security:def:31295
    P
    		Security update for transfig (Important)
    2021-10-29
    oval:org.opensuse.security:def:26151
    P
    		Security update for python3 (Moderate)
    2021-10-20
    oval:org.opensuse.security:def:32206
    P
    		Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-10-18
    oval:org.opensuse.security:def:32205
    P
    		Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)
    2021-10-18
    oval:org.opensuse.security:def:31283
    P
    		Security update for apache2 (Important)
    2021-10-06
    oval:org.opensuse.security:def:26142
    P
    		Security update for apache2 (Important)
    2021-10-06
    oval:org.opensuse.security:def:26119
    P
    		Security update for file (Important)
    2021-09-02
    oval:org.opensuse.security:def:26114
    P
    		Security update for openexr (Important)
    2021-09-02
    oval:org.opensuse.security:def:32988
    P
    		Security update for aspell (Important)
    2021-08-25
    oval:org.opensuse.security:def:26103
    P
    		Security update for the Linux Kernel (Important)
    2021-08-10
    oval:org.opensuse.security:def:26102
    P
    		Security update for php72 (Important)
    2021-08-06
    oval:org.opensuse.security:def:26098
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:32157
    P
    		Security update for qemu (Important)
    2021-07-29
    oval:org.opensuse.security:def:31650
    P
    		Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:32949
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:32118
    P
    		Security update for freeradius-server (Moderate)
    2021-06-11
    oval:org.opensuse.security:def:36285
    P
    		quagga-0.99.15-0.14.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42692
    P
    		quagga-0.99.15-0.14.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36553
    P
    		quagga-0.99.15-0.14.11 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:32103
    P
    		Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:32101
    P
    		Security update for libwebp (Critical)
    2021-06-02
    oval:org.opensuse.security:def:26038
    P
    		Security update for curl (Moderate)
    2021-04-28
    oval:org.opensuse.security:def:32059
    P
    		Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2021-04-07
    oval:org.opensuse.security:def:32061
    P
    		Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-04-07
    oval:org.opensuse.security:def:31369
    P
    		Security update for MozillaFirefox (Important)
    2021-03-31
    oval:org.opensuse.security:def:26204
    P
    		Security update for freeradius-server (Low)
    2021-03-04
    oval:org.opensuse.security:def:32267
    P
    		Security update for grub2 (Important)
    2021-03-02
    oval:org.opensuse.security:def:31737
    P
    		Security update for python-cryptography (Important)
    2021-03-02
    oval:org.opensuse.security:def:32245
    P
    		Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:31284
    P
    		Security update for python3 (Important)
    2021-02-08
    oval:org.opensuse.security:def:26084
    P
    		Security update for postgresql, postgresql12, postgresql13 (Important)
    2021-01-26
    oval:org.opensuse.security:def:26045
    P
    		Security update for gimp (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:35816
    P
    		quagga-0.99.15-0.6.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:36025
    P
    		quagga-0.99.15-0.12.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:27551
    P
    		quagga on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25916
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25859
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:27516
    P
    		mozilla-nspr-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25778
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26878
    P
    		curl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25650
    P
    		Security update for SDL (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31945
    P
    		Security update for gnutls (Important)
    2020-12-01
    oval:org.opensuse.security:def:26834
    P
    		tomcat6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25586
    P
    		Security update for libvirt (Important)
    2020-12-01
    oval:org.opensuse.security:def:31858
    P
    		Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:26552
    P
    		g3utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26815
    P
    		quagga on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25575
    P
    		Security update for libX11 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31801
    P
    		security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26513
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:25574
    P
    		Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26464
    P
    		Security update for enigmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26780
    P
    		lvm2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31577
    P
    		Security update for sudo (Important)
    2020-12-01
    oval:org.opensuse.security:def:26411
    P
    		Security update for go (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31503
    P
    		Security update for python27 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26260
    P
    		Security update for Mesa (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32505
    P
    		enscript on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32780
    P
    		quagga on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31492
    P
    		Security update for Python
    2020-12-01
    oval:org.opensuse.security:def:32466
    P
    		Security update for xorg-x11-libs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31491
    P
    		Security update for Python
    2020-12-01
    oval:org.opensuse.security:def:32417
    P
    		Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32741
    P
    		libzip1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32361
    P
    		Security update for strongswan (Important)
    2020-12-01
    oval:org.opensuse.security:def:25910
    P
    		Security update for gstreamer-0_10-plugins-base (Low)
    2020-12-01
    oval:org.opensuse.security:def:25846
    P
    		Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26820
    P
    		squid on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27023
    P
    		quagga on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25835
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26781
    P
    		mailman on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25834
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31969
    P
    		Security update for ipsec-tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26732
    P
    		kvm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26988
    P
    		mailman on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31837
    P
    		Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:26679
    P
    		cron on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26350
    P
    		Security update for ansible (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31763
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26528
    P
    		bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26444
    P
    		Security update for mumble (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26387
    P
    		Security update for ffmpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26306
    P
    		Security update for python-Jinja2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25996
    P
    		Security update for libvirt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32311
    P
    		Security update for quagga (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25943
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25792
    P
    		Security update for libvirt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32037
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:27283
    P
    		quagga on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25708
    P
    		Security update for mariadb-100 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31998
    P
    		Security update for jpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25651
    P
    		Security update for libvirt (Important)
    2020-12-01
    oval:org.opensuse.security:def:31949
    P
    		Security update for grub2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:27248
    P
    		nfs-client on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25570
    P
    		Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:31893
    P
    		Security update for expat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26610
    P
    		log4net on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25442
    P
    		Security update for libcaca (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26566
    P
    		ipsec-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33248
    P
    		quagga on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25378
    P
    		Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:26292
    P
    		Security update for the Linux Kernel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25367
    P
    		Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31593
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26253
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:33209
    P
    		mutt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25366
    P
    		Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:31501
    P
    		Security update for python-pycrypto (Important)
    2020-12-01
    oval:org.opensuse.security:def:32571
    P
    		libvirt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32527
    P
    		gtk2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26000
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:13326
    P
    		USN-1027-1 -- quagga vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:12727
    P
    		DSA-2104-1 quagga -- several
    2014-06-23
    oval:org.mitre.oval:def:22922
    P
    		ELSA-2010:0785: quagga security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:22969
    P
    		ELSA-2010:0945: quagga security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:21737
    P
    		RHSA-2010:0945: quagga security update (Moderate)
    2014-02-24
    oval:org.mitre.oval:def:22296
    P
    		RHSA-2010:0785: quagga security update (Moderate)
    2014-02-24
    oval:com.redhat.rhsa:def:20100945
    P
    		RHSA-2010:0945: quagga security update (Moderate)
    2010-12-06
    oval:com.redhat.rhsa:def:20100785
    P
    		RHSA-2010:0785: quagga security update (Moderate)
    2010-10-20
    oval:org.debian:def:2104
    V
    		several vulnerabilities
    2010-09-06
    BACK
    quagga quagga 0.99.17
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5
    debian debian linux 5.0
    redhat enterprise linux 6
    redhat enterprise linux 6