what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2011-3324

Status Candidate

Overview

The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message.

Related Files

Red Hat Security Advisory 2012-1259-01
Posted Sep 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1259-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.

tags | advisory, overflow, arbitrary, tcp, protocol
systems | linux, redhat
advisories | CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820
SHA-256 | 37b20bb55b5cac2a78ef3d512a2dcd040a9fa6e30e2802150f11501eda2c1742
Red Hat Security Advisory 2012-1258-01
Posted Sep 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1258-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.

tags | advisory, overflow, arbitrary, tcp, protocol
systems | linux, redhat
advisories | CVE-2010-1674, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327, CVE-2012-0249, CVE-2012-0250
SHA-256 | e7c3357cb6c8f7846df113bcf13f4689158037c3437cb2228958e385d53137be
Gentoo Linux Security Advisory 201202-02
Posted Feb 22, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201202-2 - Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code. Versions less than 0.99.20 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-1674, CVE-2010-1675, CVE-2010-2948, CVE-2010-2949, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327
SHA-256 | b8876c9ae50f95f261a5d9e36d175f49669c64dc3f0cceabc82a13bd6ce2da34
Ubuntu Security Notice USN-1261-1
Posted Nov 15, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1261-1 - Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered that Quagga incorrectly handled certain IPv6 Database Description messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327
SHA-256 | cc237894f9fe5dc28a82da6bb1a9a41d11c6b4d9e54b5633e6166b3666d5a430
Debian Security Advisory 2316-1
Posted Oct 5, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2316-1 - Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327
SHA-256 | 226eeb090aa5146956e6b044b5a8e27c4ae8962d7002eb3d05759fccd255ed83
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close