ID CVE-2012-1820
Summary The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
Vulnerable Configurations
  • Quagga Routing Software Suite 0.99.19
    cpe:2.3:a:quagga:quagga:0.99.19
  • Quagga Routing Software Suite 0.99.18
    cpe:2.3:a:quagga:quagga:0.99.18
  • Quagga Routing Software Suite 0.99.5
    cpe:2.3:a:quagga:quagga:0.99.5
  • Quagga Routing Software Suite 0.99.17
    cpe:2.3:a:quagga:quagga:0.99.17
  • Quagga Routing Software Suite 0.99.11
    cpe:2.3:a:quagga:quagga:0.99.11
  • Quagga Routing Software Suite 0.99.7
    cpe:2.3:a:quagga:quagga:0.99.7
  • Quagga Routing Software Suite 0.99.9
    cpe:2.3:a:quagga:quagga:0.99.9
  • Quagga Routing Software Suite 0.99.1
    cpe:2.3:a:quagga:quagga:0.99.1
  • Quagga Routing Software Suite 0.99.2
    cpe:2.3:a:quagga:quagga:0.99.2
  • Quagga Routing Software Suite 0.99.8
    cpe:2.3:a:quagga:quagga:0.99.8
  • Quagga Routing Software Suite 0.99.13
    cpe:2.3:a:quagga:quagga:0.99.13
  • Quagga Routing Software Suite 0.99.16
    cpe:2.3:a:quagga:quagga:0.99.16
  • Quagga Routing Software Suite 0.99.3
    cpe:2.3:a:quagga:quagga:0.99.3
  • Quagga Routing Software Suite 0.99.15
    cpe:2.3:a:quagga:quagga:0.99.15
  • Quagga Routing Software Suite 0.99.6
    cpe:2.3:a:quagga:quagga:0.99.6
  • Quagga Routing Software Suite 0.99.10
    cpe:2.3:a:quagga:quagga:0.99.10
  • Quagga Routing Software Suite 0.99.14
    cpe:2.3:a:quagga:quagga:0.99.14
  • Quagga Routing Software Suite 0.99.12
    cpe:2.3:a:quagga:quagga:0.99.12
  • Quagga Routing Software Suite 0.99.4
    cpe:2.3:a:quagga:quagga:0.99.4
  • Quagga Routing Software Suite 0.98.5
    cpe:2.3:a:quagga:quagga:0.98.5
  • Quagga Routing Software Suite 0.98.6
    cpe:2.3:a:quagga:quagga:0.98.6
  • Quagga Routing Software Suite 0.98.0
    cpe:2.3:a:quagga:quagga:0.98.0
  • Quagga Routing Software Suite 0.98.1
    cpe:2.3:a:quagga:quagga:0.98.1
  • Quagga Routing Software Suite 0.98.2
    cpe:2.3:a:quagga:quagga:0.98.2
  • Quagga Routing Software Suite 0.98.3
    cpe:2.3:a:quagga:quagga:0.98.3
  • Quagga Routing Software Suite 0.98.4
    cpe:2.3:a:quagga:quagga:0.98.4
  • Quagga Routing Software Suite 0.97.0
    cpe:2.3:a:quagga:quagga:0.97.0
  • Quagga Routing Software Suite 0.97.1
    cpe:2.3:a:quagga:quagga:0.97.1
  • Quagga Routing Software Suite 0.97.2
    cpe:2.3:a:quagga:quagga:0.97.2
  • Quagga Routing Software Suite 0.97.3
    cpe:2.3:a:quagga:quagga:0.97.3
  • Quagga Routing Software Suite 0.97.4
    cpe:2.3:a:quagga:quagga:0.97.4
  • Quagga Routing Software Suite 0.97.5
    cpe:2.3:a:quagga:quagga:0.97.5
  • Quagga Routing Software Suite 0.96.5
    cpe:2.3:a:quagga:quagga:0.96.5
  • Quagga Routing Software Suite 0.96.4
    cpe:2.3:a:quagga:quagga:0.96.4
  • Quagga Routing Software Suite 0.96.2
    cpe:2.3:a:quagga:quagga:0.96.2
  • Quagga Routing Software Suite 0.96.3
    cpe:2.3:a:quagga:quagga:0.96.3
  • Quagga Routing Software Suite 0.96.1
    cpe:2.3:a:quagga:quagga:0.96.1
  • Quagga Routing Software Suite 0.96
    cpe:2.3:a:quagga:quagga:0.96
  • Quagga Routing Software Suite 0.95
    cpe:2.3:a:quagga:quagga:0.95
  • Quagga Routing Software Suite 0.99.20
    cpe:2.3:a:quagga:quagga:0.99.20
  • Quagga Routing Software Suite 0.99.20.1
    cpe:2.3:a:quagga:quagga:0.99.20.1
CVSS
Base: 2.9 (as of 13-06-2012 - 13:27)
Impact:
Exploitability:
Access
  • Vector ADJACENT_NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-9116.NASL
    description Update to the 0.99.21 which fixes various issues. In addition, this update fixes following CVE : CVE-2012-1820: quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59578
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59578
    title Fedora 16 : quagga-0.99.21-2.fc16 (2012-9116)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1E14D46FAF1F11E1B24200215AF774F0.NASL
    description CERT reports : If a pre-configured BGP peer sends a specially crafted OPEN message with a malformed ORF capability TLV, Quagga bgpd process will erroneously try to consume extra bytes from the input packet buffer. The process will detect a buffer overrun attempt before it happens and immediately terminate with an error message. All BGP sessions established by the attacked router will be closed and its BGP routing disrupted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59380
    published 2012-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59380
    title FreeBSD : quagga -- BGP OPEN denial of service vulnerability (1e14d46f-af1f-11e1-b242-00215af774f0)
  • NASL family Misc.
    NASL id QUAGGA_0_99_21.NASL
    description According to its self-reported version number, the installation of Quagga's BGP daemon listening on the remote host is affected by a denial of service vulnerability. Unauthenticated attackers on the local network can trigger this issue by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering capability TLV in an OPEN message.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 59792
    published 2012-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59792
    title Quagga < 0.99.21 BGP Denial of Service Vulnerability
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2497.NASL
    description It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59775
    published 2012-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59775
    title Debian DSA-2497-1 : quagga - denial of service
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-90.NASL
    description The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69697
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69697
    title Amazon Linux AMI : quagga (ALAS-2012-90)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-9117.NASL
    description This update fixes CVE-2012-1820. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59579
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59579
    title Fedora 15 : quagga-0.99.20.1-2.fc15 (2012-9117)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-122.NASL
    description Updated quagga package fixes security vulnerability : The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message (CVE-2012-1820).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 66134
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66134
    title Mandriva Linux Security Advisory : quagga (MDVSA-2013:122)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1605-1.NASL
    description It was discovered that Quagga incorrectly handled certain malformed messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62512
    published 2012-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62512
    title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : quagga vulnerability (USN-1605-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120912_QUAGGA_ON_SL6_X.NASL
    description A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) We would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 62095
    published 2012-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62095
    title Scientific Linux Security Update : quagga on SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1259.NASL
    description From Red Hat Security Advisory 2012:1259 : Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68618
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68618
    title Oracle Linux 6 : quagga (ELSA-2012-1259)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-9103.NASL
    description Update to the 0.99.21 which fixes various issues. In addition, this update fixes following CVE : CVE-2012-1820: quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59577
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59577
    title Fedora 17 : quagga-0.99.21-2.fc17 (2012-9103)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1259.NASL
    description Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62070
    published 2012-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62070
    title RHEL 6 : quagga (RHSA-2012:1259)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_QUAGGA_20120821.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. (CVE-2012-0248) - Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. (CVE-2012-0249) - Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. (CVE-2012-0250) - The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). (CVE-2012-0255) - The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. (CVE-2012-1820)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80752
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80752
    title Oracle Solaris Third-Party Patch Update : quagga (cve_2012_1820_denial_of)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201310-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201310-08 (Quagga: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause arbitrary code execution or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70381
    published 2013-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70381
    title GLSA-201310-08 : Quagga: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_QUAGGA-8108.NASL
    description This update of quagga fixes multiple security flaws that could have caused a Denial of Service via specially crafted packets. (CVE-2012-1820 / CVE-2012-0249 / CVE-2012-0250 / CVE-2012-0255) Additionally, issues with service owned directories in combination with logrotate were fixed.
    last seen 2019-02-21
    modified 2012-06-07
    plugin id 59393
    published 2012-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59393
    title SuSE 10 Security Update : quagga (ZYPP Patch Number 8108)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1259.NASL
    description Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327) A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323) A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324) A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325) A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326) An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249) A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250) Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820) Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku Hietamaki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter of CVE-2012-0249, CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original reporter of CVE-2012-1820. Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd, ospfd, and ospf6d daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62081
    published 2012-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62081
    title CentOS 6 : quagga (CESA-2012:1259)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_QUAGGA-120430.NASL
    description This update of quagga fixes multiple security flaws that could have caused a Denial of Service via specially crafted packets. (CVE-2012-1820 / CVE-2012-0249 / CVE-2012-0250 / CVE-2012-0255) Additionally, issues with service owned directories in combination with logrotate were fixed.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64222
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64222
    title SuSE 11.1 Security Update : quagga (SAT Patch Number 6241)
redhat via4
advisories
bugzilla
id 817580
title CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment quagga is earlier than 0:0.99.15-7.el6_3.2
        oval oval:com.redhat.rhsa:tst:20121259005
      • comment quagga is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100945006
    • AND
      • comment quagga-contrib is earlier than 0:0.99.15-7.el6_3.2
        oval oval:com.redhat.rhsa:tst:20121259009
      • comment quagga-contrib is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100945008
    • AND
      • comment quagga-devel is earlier than 0:0.99.15-7.el6_3.2
        oval oval:com.redhat.rhsa:tst:20121259007
      • comment quagga-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100945010
rhsa
id RHSA-2012:1259
released 2012-09-12
severity Moderate
title RHSA-2012:1259: quagga security update (Moderate)
rpms
  • quagga-0:0.99.15-7.el6_3.2
  • quagga-contrib-0:0.99.15-7.el6_3.2
  • quagga-devel-0:0.99.15-7.el6_3.2
refmap via4
bid 53775
cert-vn VU#962587
debian DSA-2497
secunia 50941
ubuntu USN-1605-1
Last major update 01-03-2013 - 23:40
Published 13-06-2012 - 11:55