Vulnerability Name:

CVE-2011-3326 (CCN-70109)

Assigned:2011-09-26
Published:2011-09-26
Updated:2018-01-06
Summary:The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.9 Low (REDHAT CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:N/A:P)
2.1 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: CONFIRM
Type: Patch
http://code.quagga.net/?p=quagga.git;a=commit;h=6b161fc12a15aba8824c84d1eb38e529aaf70769

Source: MITRE
Type: CNA
CVE-2011-3326

Source: SUSE
Type: UNKNOWN
SUSE-SU-2011:1075

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2011:1155

Source: SUSE
Type: UNKNOWN
SUSE-SU-2011:1171

Source: SUSE
Type: UNKNOWN
SUSE-SU-2011:1316

Source: CCN
Type: RHSA-2012-1258
Moderate: quagga security update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:1258

Source: CCN
Type: RHSA-2012-1259
Moderate: quagga security update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:1259

Source: CCN
Type: SA46139
Quagga Multiple Denial of Service Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
46139

Source: SECUNIA
Type: UNKNOWN
46274

Source: SECUNIA
Type: UNKNOWN
48106

Source: GENTOO
Type: UNKNOWN
GLSA-201202-02

Source: DEBIAN
Type: UNKNOWN
DSA-2316

Source: DEBIAN
Type: DSA-2316
quagga -- several vulnerabilities

Source: CCN
Type: US-CERT VU#668534
Multiple Quagga remote component vulnerabilities

Source: CERT-VN
Type: US Government Resource
VU#668534

Source: CCN
Type: OSVDB ID: 75731
Quagga ospfd Link State Advertisement (LSA) Link State Update Message Parsing Remote IPv4 DoS

Source: CONFIRM
Type: UNKNOWN
http://www.quagga.net/download/quagga-0.99.19.changelog.txt

Source: CCN
Type: Quagga Web site
Quagga 0.99.19 Released

Source: CCN
Type: BID-49784
Quagga Multiple Remote Security Vulnerabilities

Source: XF
Type: UNKNOWN
quagga-ospfd-lsa-dos(70109)

Source: MISC
Type: UNKNOWN
https://www.cert.fi/en/reports/2011/vulnerability539178.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:quagga:quagga:0.95:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.10:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.11:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.12:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.13:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.14:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.15:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.16:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.17:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:*:*:*:*:*:*:*:* (Version <= 0.99.18)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.11:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.16:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.17:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.15:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
  • OR cpe:/a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20113326
    V
    		CVE-2011-3326
    2022-05-20
    oval:org.mitre.oval:def:15222
    P
    		USN-1261-1 -- Quagga vulnerabilities
    2014-07-07
    oval:org.mitre.oval:def:15155
    P
    		DSA-2316-1 quagga -- several
    2014-06-23
    oval:org.mitre.oval:def:23882
    P
    		ELSA-2012:1259: quagga security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:23395
    P
    		ELSA-2012:1258: quagga security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:21278
    P
    		RHSA-2012:1259: quagga security update (Moderate)
    2014-02-24
    oval:org.mitre.oval:def:21326
    P
    		RHSA-2012:1258: quagga security update (Moderate)
    2014-02-24
    oval:com.redhat.rhsa:def:20121258
    P
    		RHSA-2012:1258: quagga security update (Moderate)
    2012-09-12
    oval:com.redhat.rhsa:def:20121259
    P
    		RHSA-2012:1259: quagga security update (Moderate)
    2012-09-12
    BACK
    quagga quagga 0.95
    quagga quagga 0.96
    quagga quagga 0.96.1
    quagga quagga 0.96.2
    quagga quagga 0.96.3
    quagga quagga 0.96.4
    quagga quagga 0.96.5
    quagga quagga 0.97.0
    quagga quagga 0.97.1
    quagga quagga 0.97.2
    quagga quagga 0.97.3
    quagga quagga 0.97.4
    quagga quagga 0.97.5
    quagga quagga 0.98.0
    quagga quagga 0.98.1
    quagga quagga 0.98.2
    quagga quagga 0.98.3
    quagga quagga 0.98.4
    quagga quagga 0.98.5
    quagga quagga 0.98.6
    quagga quagga 0.99.1
    quagga quagga 0.99.2
    quagga quagga 0.99.3
    quagga quagga 0.99.4
    quagga quagga 0.99.5
    quagga quagga 0.99.6
    quagga quagga 0.99.7
    quagga quagga 0.99.8
    quagga quagga 0.99.9
    quagga quagga 0.99.10
    quagga quagga 0.99.11
    quagga quagga 0.99.12
    quagga quagga 0.99.13
    quagga quagga 0.99.14
    quagga quagga 0.99.15
    quagga quagga 0.99.16
    quagga quagga 0.99.17
    quagga quagga *
    quagga quagga 0.98.5
    quagga quagga 0.99.3
    quagga quagga 0.98.3
    quagga quagga 0.99.11
    quagga quagga 0.99.16
    quagga quagga 0.99.17
    quagga quagga 0.99.4
    quagga quagga 0.99.5
    quagga quagga 0.99.6
    quagga quagga 0.99.7
    quagga quagga 0.99.8
    quagga quagga 0.99.9
    quagga quagga 0.98.6
    quagga quagga 0.99.1
    quagga quagga 0.99.15
    quagga quagga 0.99.2
    quagga quagga 0.96.2
    quagga quagga 0.96.3
    quagga quagga 0.96.4
    quagga quagga 0.97.3
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6