Debian: DSA-2316-1 Critical: Quagga Remote Exploit Patch Released
debian
October 5, 2011
Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon: CVE-2011-3323
Summary
Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several
vulnerabilities in Quagga, an Internet routing daemon:
CVE-2011-3323
A stack-based buffer overflow while decoding Link State Update
packets with a malformed Inter Area Prefix LSA can cause the
ospf6d process to crash or (potentially) execute arbitrary
code.
CVE-2011-3324
The ospf6d process can crash while processing a Database
Description packet with a crafted Link-State-Advertisement.
CVE-2011-3325
The ospfd process can crash while processing a crafted Hello
packet.
CVE-2011-3326
The ospfd process crashes while processing
Link-State-Advertisements of a type not known to Quagga.
CVE-2011-3327
A heap-based buffer overflow while processing BGP UPDATE
messages containing an Extended Communities path attribute
can cause the bgpd process to crash or (potentially) execute
arbitrary code.
The OSPF-related vulnerabilities require that potential attackers send
packets to a vulnerable Quagga router; the packets are not distributed
ove...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: quagga
CVE ID: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!