CVEs with nessus.description==According to the versions of the quagga package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

- A double-free vulnerability was found in Quagga. A BGP peer could send a specially crafted UPDATE message which would cause allocated blocks of memory to be free()d more than once, potentially leading to a crash or other issues. (CVE-2018-5379)
- All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. (CVE-2017-5495)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |