what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-058

Mandriva Linux Security Advisory 2011-058
Posted Apr 1, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-058 - The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service via a malformed AS_PATHLIMIT path attribute. Updated packages are available that bring Quagga to version 0.99.18 which provides numerous bugfixes over the previous 0.99.17 version, and also corrects these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2010-1674, CVE-2010-1675
SHA-256 | d4c0f6cc4daa438fcc020c6831fdc5609a4890a1b60fb7729d8b61c7c0174599

Mandriva Linux Security Advisory 2011-058

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:058
http://www.mandriva.com/security/
_______________________________________________________________________

Package : quagga
Date : April 1, 2011
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been identified and fixed in quagga:

The extended-community parser in bgpd in Quagga before 0.99.18 allows
remote attackers to cause a denial of service (NULL pointer dereference
and application crash) via a malformed Extended Communities attribute
(CVE-2010-1674).

bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial
of service (session reset) via a malformed AS_PATHLIMIT path attribute
(CVE-2010-1675).

Updated packages are available that bring Quagga to version 0.99.18
which provides numerous bugfixes over the previous 0.99.17 version,
and also corrects these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1675
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
87b588dee68e7b87d505e9d3953a279c corporate/4.0/i586/libquagga0-0.99.18-0.1.20060mlcs4.i586.rpm
818e4b52aca03cb083aec7486630964c corporate/4.0/i586/libquagga0-devel-0.99.18-0.1.20060mlcs4.i586.rpm
fb9f8c521a536d0b92cb8f070a80ad83 corporate/4.0/i586/quagga-0.99.18-0.1.20060mlcs4.i586.rpm
b62e56494540a8dc9de806e59150d3f3 corporate/4.0/i586/quagga-contrib-0.99.18-0.1.20060mlcs4.i586.rpm
64b55fea4af3b02837266cc9e5162841 corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
130cac8e86e6bb41e8139ea53fb5bd35 corporate/4.0/x86_64/lib64quagga0-0.99.18-0.1.20060mlcs4.x86_64.rpm
f7074a145d6742523470aadc450eeda2 corporate/4.0/x86_64/lib64quagga0-devel-0.99.18-0.1.20060mlcs4.x86_64.rpm
d9e5ac8f09fc897d1f2fa113c4801b79 corporate/4.0/x86_64/quagga-0.99.18-0.1.20060mlcs4.x86_64.rpm
1ca735918f1126b00b64e1433d2dc85d corporate/4.0/x86_64/quagga-contrib-0.99.18-0.1.20060mlcs4.x86_64.rpm
64b55fea4af3b02837266cc9e5162841 corporate/4.0/SRPMS/quagga-0.99.18-0.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNlaQ7mqjQ0CJFipgRAriUAKDLNRGlMvPdbPkgp0Wd0pxGixIzWwCfc38Q
svx+sURyhhcmOWk06baNRFE=
=Ii2a
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close