exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2012-0255

Status Candidate

Overview

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

Related Files

Gentoo Linux Security Advisory 201310-08
Posted Oct 10, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-8 - Multiple vulnerabilities have been found in Quagga, the worst of which could lead to arbitrary code execution. Versions less than 0.99.22.4 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820, CVE-2013-2236
SHA-256 | ba9ca5c17e84ebeec9337e6ffbaa556d3fbe8194187caaf3a58902d40d14f254
Red Hat Security Advisory 2012-1259-01
Posted Sep 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1259-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.

tags | advisory, overflow, arbitrary, tcp, protocol
systems | linux, redhat
advisories | CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820
SHA-256 | 37b20bb55b5cac2a78ef3d512a2dcd040a9fa6e30e2802150f11501eda2c1742
Ubuntu Security Notice USN-1441-1
Posted May 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1441-1 - It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0250, CVE-2012-0255, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255
SHA-256 | 5d00061ebbf37190e2a234ed2e926b9591981ccaf98e5bc04f27356da0113e72
Debian Security Advisory 2459-1
Posted Apr 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2459-1 - Several vulnerabilities have been discovered in Quagga, a routing daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-0249, CVE-2012-0250, CVE-2012-0255
SHA-256 | c4367fc9a6c58c5c50a49bebc2fb4c7a2ab096bdd87ada9269d127b16eeae4ba
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close