Package name
quagga
Date
2010-09-11
Advisory ID
MDVSA-2010:174
Affected versions
CS4.0 x86_64, CS4.0 i586

Problem description

Stack-based buffer overflow in the bgp_route_refresh_receive
function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows
remote authenticated users to cause a denial of service (daemon
crash) or possibly execute arbitrary code via a malformed Outbound
Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message
(CVE-2010-2948).
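As an added, defender-side illustration of the kind of check a ROUTE-REFRESH parser needs before copying an ORF prefix into a fixed-size buffer (this is example code, not Quagga's bgpd; the entry layout follows RFC 5292, and the struct, function and sample names are hypothetical): the prefix length is validated against the address family maximum and against the bytes remaining in the message, so an oversized length is rejected instead of overrunning the buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ORF_AFI_IPV4 1   /* IANA AFI values */
#define ORF_AFI_IPV6 2

/* One address-prefix ORF entry (hypothetical struct following RFC 5292 field order). */
struct orf_entry {
    uint8_t  action_match;     /* action/match bits */
    uint32_t seq;              /* sequence number */
    uint8_t  minlen, maxlen;   /* min/max prefix length bounds */
    uint8_t  prefixlen;        /* length of the prefix in bits */
    uint8_t  prefix[16];       /* fixed-size buffer: 16 bytes covers an IPv6 address */
};

/* Parse one entry from buf[0..len). Returns bytes consumed, or -1 if malformed.
 * The two checks on prefixlen are what keep memcpy inside out->prefix. */
int parse_orf_entry(const uint8_t *buf, size_t len, uint16_t afi, struct orf_entry *out)
{
    const size_t hdr = 1 + 4 + 1 + 1 + 1;   /* action, seq, minlen, maxlen, prefixlen */
    unsigned maxbits;
    size_t psize;

    if (len < hdr) return -1;               /* truncated header */
    maxbits = (afi == ORF_AFI_IPV4) ? 32 : (afi == ORF_AFI_IPV6) ? 128 : 0;
    if (maxbits == 0) return -1;            /* unknown address family: reject, do not guess */

    out->action_match = buf[0];
    out->seq = ((uint32_t)buf[1] << 24) | ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 8) | buf[4];
    out->minlen = buf[5];
    out->maxlen = buf[6];
    out->prefixlen = buf[7];
    if (out->prefixlen > maxbits) return -1;  /* peer-controlled length vs. AFI maximum */
    psize = (out->prefixlen + 7) / 8;         /* bytes needed to hold prefixlen bits, <= 16 here */
    if (len - hdr < psize) return -1;         /* prefix bytes must actually be present */

    memset(out->prefix, 0, sizeof out->prefix);
    memcpy(out->prefix, buf + hdr, psize);
    return (int)(hdr + psize);
}

/* Constructed sample entries (not captured traffic). */
static const uint8_t sample_ok[]  = { 0x00, 0,0,0,1, 0,32, 24, 10,0,0 };          /* 10.0.0.0/24 */
static const uint8_t sample_bad[] = { 0x00, 0,0,0,2, 0,32, 255, 1,2,3,4,5,6,7,8 }; /* prefixlen 255 */

int parse_sample_ok(struct orf_entry *e)  { return parse_orf_entry(sample_ok,  sizeof sample_ok,  ORF_AFI_IPV4, e); }
int parse_sample_bad(struct orf_entry *e) { return parse_orf_entry(sample_bad, sizeof sample_bad, ORF_AFI_IPV4, e); }
```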

bgpd in Quagga before 0.99.17 does not properly parse AS paths, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via an unknown AS type in an AS path
attribute in a BGP UPDATE message (CVE-2010-2949).

Updated packages are available that bring Quagga to version 0.99.17,
which provides numerous bugfixes over the previous 0.99.12 version
and also corrects these issues.

Updated packages

CS4.0 x86_64

 9b36814efd0751aa81e38baec0d2bae6  corporate/4.0/x86_64/lib64quagga0-0.99.17-0.1.20060mlcs4.x86_64.rpm
 64ab6ba845a97236ffd2898e0aef892d  corporate/4.0/x86_64/lib64quagga0-devel-0.99.17-0.1.20060mlcs4.x86_64.rpm
 7d259ae75e30e1d172e340cc232d1ff2  corporate/4.0/x86_64/quagga-0.99.17-0.1.20060mlcs4.x86_64.rpm
 2f3390db2bae0e0d505ec759e0a15232  corporate/4.0/x86_64/quagga-contrib-0.99.17-0.1.20060mlcs4.x86_64.rpm
 9f63365fc185a7bdf930a80cb6615c7d  corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm

CS4.0 i586

 982061c8bac57d5878a2dbd9747234f4  corporate/4.0/i586/libquagga0-0.99.17-0.1.20060mlcs4.i586.rpm
 53b1e909e046539dcfd55f9b1f62e7ea  corporate/4.0/i586/libquagga0-devel-0.99.17-0.1.20060mlcs4.i586.rpm
 796ef3f10f793f6546ce6a0525082fa5  corporate/4.0/i586/quagga-0.99.17-0.1.20060mlcs4.i586.rpm
 423c4032225687b252ddb3887db1f226  corporate/4.0/i586/quagga-contrib-0.99.17-0.1.20060mlcs4.i586.rpm
 9f63365fc185a7bdf930a80cb6615c7d  corporate/4.0/SRPMS/quagga-0.99.17-0.1.20060mlcs4.src.rpm

References