what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2012-0255

Status Candidate

Overview

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

Related Files

Gentoo Linux Security Advisory 201310-08
Posted Oct 10, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-8 - Multiple vulnerabilities have been found in Quagga, the worst of which could lead to arbitrary code execution. Versions less than 0.99.22.4 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820, CVE-2013-2236
MD5 | 37f053eb6288325963428e11d1fbe891
Red Hat Security Advisory 2012-1259-01
Posted Sep 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1259-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.

tags | advisory, overflow, arbitrary, tcp, protocol
systems | linux, redhat
advisories | CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820
MD5 | 0d3da980b0dd57efab31189d97ea8c0f
Ubuntu Security Notice USN-1441-1
Posted May 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1441-1 - It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0250, CVE-2012-0255, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255
MD5 | 80b5e7e0c0eaac88003a6799acf42213
Debian Security Advisory 2459-1
Posted Apr 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2459-1 - Several vulnerabilities have been discovered in Quagga, a routing daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-0249, CVE-2012-0250, CVE-2012-0255
MD5 | 0c46e857bb65dddc098d0cc8eba232b6
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    34 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close