7.5 - RHSA-2012:1259

Executive Summary

Summary
Title	quagga security update

Informations
Name	RHSA-2012:1259	First vendor Publication	2012-09-12
Vendor	RedHat	Last vendor Modification	2012-09-12
Severity (Vendor)	Moderate	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First) routing protocol.

A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network. (CVE-2011-3327)

A stack-based buffer overflow flaw was found in the way the ospf6d daemon processed malformed Link State Update packets. An OSPF router could use this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)

A flaw was found in the way the ospf6d daemon processed malformed link state advertisements. An OSPF neighbor could use this flaw to crash ospf6d on a target system. (CVE-2011-3324)

A flaw was found in the way the ospfd daemon processed malformed Hello packets. An OSPF neighbor could use this flaw to crash ospfd on a target system. (CVE-2011-3325)

A flaw was found in the way the ospfd daemon processed malformed link state advertisements. An OSPF router in the autonomous system could use this flaw to crash ospfd on a target system. (CVE-2011-3326)

An assertion failure was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to cause ospfd on an adjacent router to abort. (CVE-2012-0249)

A buffer overflow flaw was found in the way the ospfd daemon processed certain Link State Update packets. An OSPF router could use this flaw to crash ospfd on an adjacent router. (CVE-2012-0250)

Two flaws were found in the way the bgpd daemon processed certain BGP OPEN messages. A configured BGP peer could cause bgpd on a target system to abort via a specially-crafted BGP OPEN message. (CVE-2012-0255, CVE-2012-1820)

Red Hat would like to thank CERT-FI for reporting CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and CVE-2012-1820. CERT-FI acknowledges Riku HietamÃ¤ki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters of CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-332

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-1259.html

CWE : Common Weakness Enumeration

%	Id	Name
62 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
38 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15155

Oval ID:	oval:org.mitre.oval:def:15155
Title:	DSA-2316-1 quagga -- several
Description:	Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon: CVE-2011-3323 A stack-based buffer overflow while decoding Link State Update packets with a malformed Inter Area Prefix LSA can cause the ospf6d process to crash or execute arbitrary code. CVE-2011-3324 The ospf6d process can crash while processing a Database Description packet with a crafted Link-State-Advertisement. CVE-2011-3325 The ospfd process can crash while processing a crafted Hello packet. CVE-2011-3326 The ospfd process crashes while processing Link-State-Advertisements of a type not known to Quagga. CVE-2011-3327 A heap-based buffer overflow while processing BGP UPDATE messages containing an Extended Communities path attribute can cause the bgpd process to crash or execute arbitrary code. The OSPF-related vulnerabilities require that potential attackers send packets to a vulnerable Quagga router; the packets are not distributed over OSPF. In contrast, the BGP UPDATE messages could be propagated by some routers.
Family:	unix	Class:	patch
Reference(s):	DSA-2316-1 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	quagga
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND quagga DPKG is earlier than 0.99.10-1lenny6 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND quagga DPKG is earlier than 0.99.17-2+squeeze3

Definition Id: oval:org.mitre.oval:def:15222

Oval ID:	oval:org.mitre.oval:def:15222
Title:	USN-1261-1 -- Quagga vulnerabilities
Description:	quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.
Family:	unix	Class:	patch
Reference(s):	USN-1261-1 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327	Version:	5
Platform(s):	Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10	Product(s):	Quagga
Definition Synopsis:
Release section Ubuntu 11.04 is installed AND Installed architecture is all AND quagga DPKG is earlier than 0.99.17-4ubuntu1.1 OR Release section Ubuntu 11.10 is installed AND Installed architecture is all AND quagga DPKG is earlier than 0.99.18-2ubuntu0.1 OR Release section Ubuntu 10.04 is installed AND Installed architecture is all AND quagga DPKG is earlier than 0.99.15-1ubuntu0.3 OR Release section Ubuntu 10.10 is installed AND Installed architecture is all AND quagga DPKG is earlier than 0.99.17-1ubuntu0.2

Definition Id: oval:org.mitre.oval:def:17967

Oval ID:	oval:org.mitre.oval:def:17967
Title:	USN-1441-1 -- quagga vulnerabilities
Description:	Quagga could be made to crash if it received specially crafted network traffic.
Family:	unix	Class:	patch
Reference(s):	USN-1441-1 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255	Version:	7
Platform(s):	Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04	Product(s):	quagga
Definition Synopsis:
Release section Ubuntu 12.04 is installed AND quagga DPKG is earlier than 0.99.20.1-0ubuntu0.12.04.2 AND Release section Ubuntu 11.10 is installed AND quagga DPKG is earlier than 0.99.20.1-0ubuntu0.11.10.2 AND Release section Ubuntu 11.04 is installed AND quagga DPKG is earlier than 0.99.20.1-0ubuntu0.11.04.2 AND Release section Ubuntu 10.04 is installed AND quagga DPKG is earlier than 0.99.20.1-0ubuntu0.10.04.2

Definition Id: oval:org.mitre.oval:def:18013

Oval ID:	oval:org.mitre.oval:def:18013
Title:	USN-1605-1 -- quagga vulnerability
Description:	Quagga could be made to crash if it received specially crafted network traffic.
Family:	unix	Class:	patch
Reference(s):	USN-1605-1 CVE-2012-1820	Version:	7
Platform(s):	Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04	Product(s):	quagga
Definition Synopsis:
Release section Ubuntu 12.04 is installed AND quagga DPKG is earlier than 0.99.20.1-0ubuntu0.12.04.3 AND Release section Ubuntu 11.10 is installed AND quagga DPKG is earlier than 0.99.20.1-0ubuntu0.11.10.3 AND Release section Ubuntu 11.04 is installed AND quagga DPKG is earlier than 0.99.20.1-0ubuntu0.11.04.3 AND Release section Ubuntu 10.04 is installed AND quagga DPKG is earlier than 0.99.20.1-0ubuntu0.10.04.3

Definition Id: oval:org.mitre.oval:def:18294

Oval ID:	oval:org.mitre.oval:def:18294
Title:	DSA-2497-1 quagga - denial of service
Description:	It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-2497-1 CVE-2012-1820	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	quagga
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND quagga DPKG is earlier than 0.99.20.1-0+squeeze3

Definition Id: oval:org.mitre.oval:def:18610

Oval ID:	oval:org.mitre.oval:def:18610
Title:	DSA-2459-2 quagga - regression
Description:	Several vulnerabilities have been discovered in Quagga, a routing daemon.
Family:	unix	Class:	patch
Reference(s):	DSA-2459-2 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	quagga
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND quagga DPKG is earlier than 0.99.20.1-0+squeeze2

Definition Id: oval:org.mitre.oval:def:18647

Oval ID:	oval:org.mitre.oval:def:18647
Title:	DSA-2459-1 quagga - several
Description:	Several vulnerabilities have been discovered in Quagga, a routing daemon.
Family:	unix	Class:	patch
Reference(s):	DSA-2459-1 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255	Version:	7
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	quagga
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND quagga DPKG is earlier than 0.99.20.1-0+squeeze1

Definition Id: oval:org.mitre.oval:def:21278

Oval ID:	oval:org.mitre.oval:def:21278
Title:	RHSA-2012:1259: quagga security update (Moderate)
Description:	The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1259-01 CESA-2012:1259 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820	Version:	120
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	quagga
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section quagga-devel is earlier than 0:0.99.15-7.el6_3.2 AND quagga-contrib is earlier than 0:0.99.15-7.el6_3.2 AND quagga is earlier than 0:0.99.15-7.el6_3.2

Definition Id: oval:org.mitre.oval:def:21326

Oval ID:	oval:org.mitre.oval:def:21326
Title:	RHSA-2012:1258: quagga security update (Moderate)
Description:	Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1258-00 CESA-2012:1258 CVE-2010-1674 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250	Version:	107
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	quagga
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section quagga-devel is earlier than 0:0.98.6-7.el5_8.1 AND quagga is earlier than 0:0.98.6-7.el5_8.1 AND quagga-contrib is earlier than 0:0.98.6-7.el5_8.1

Definition Id: oval:org.mitre.oval:def:23395

Oval ID:	oval:org.mitre.oval:def:23395
Title:	ELSA-2012:1258: quagga security update (Moderate)
Description:	Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1258-00 CVE-2010-1674 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250	Version:	37
Platform(s):	Oracle Linux 5	Product(s):	quagga
Definition Synopsis:
Oracle Linux 5.x rpm test quagga-devel is earlier than 0:0.98.6-7.el5_8.1 AND quagga is earlier than 0:0.98.6-7.el5_8.1 AND quagga-contrib is earlier than 0:0.98.6-7.el5_8.1

Definition Id: oval:org.mitre.oval:def:23882

Oval ID:	oval:org.mitre.oval:def:23882
Title:	ELSA-2012:1259: quagga security update (Moderate)
Description:	The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1259-01 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820	Version:	41
Platform(s):	Oracle Linux 6	Product(s):	quagga
Definition Synopsis:
Oracle Linux 6.x rpm test quagga-devel is earlier than 0:0.99.15-7.el6_3.2 AND quagga-contrib is earlier than 0:0.99.15-7.el6_3.2 AND quagga is earlier than 0:0.99.15-7.el6_3.2

Definition Id: oval:org.mitre.oval:def:27805

Oval ID:	oval:org.mitre.oval:def:27805
Title:	DEPRECATED: ELSA-2012-1258 -- quagga security update (moderate)
Description:	[0.98.6-7.1] - fix CVE-2011-3323 - fix CVE-2011-3324 - fix CVE-2011-3325 - fix CVE-2011-3326 - fix CVE-2011-3327 - fix CVE-2012-0249 - fix CVE-2010-1674 [0.98.6-7] - Resolves: #638628 - CVE-2007-4826 CVE-2010-2948 quagga: various flaws [0.98.6-6] - Resolves: #528583 - Missing declarations cause zebra to segfault
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1258 CVE-2010-1674 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	quagga
Definition Synopsis:
Oracle Linux 5.x Packages match section quagga is earlier than 0:0.98.6-7.el5_8.1 AND quagga-contrib is earlier than 0:0.98.6-7.el5_8.1 AND quagga-devel is earlier than 0:0.98.6-7.el5_8.1

Definition Id: oval:org.mitre.oval:def:27848

Oval ID:	oval:org.mitre.oval:def:27848
Title:	DEPRECATED: ELSA-2012-1259 -- quagga security update (moderate)
Description:	[0.99.15-7.2] - improve fix for CVE-2011-3325 [0.99.15-7.1] - fix CVE-2011-3323 - fix CVE-2011-3324 - fix CVE-2011-3325 - fix CVE-2011-3326 - fix CVE-2011-3327 - fix CVE-2012-0255 - fix CVE-2012-0249 and CVE-2012-0250 - fix CVE-2012-1820 [0.99.15-7] - Resolves: #684751 - CVE-2010-1674 CVE-2010-1675 quagga various flaws [0.99.15-6] - Resolves: #644832 - CVE-2010-2948 CVE-2010-2949 quagga various flaws
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1259 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	quagga
Definition Synopsis:
Oracle Linux 6.x Packages match section quagga is earlier than 0:0.99.15-7.el6_3.2 AND quagga-contrib is earlier than 0:0.99.15-7.el6_3.2 AND quagga-devel is earlier than 0:0.99.15-7.el6_3.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Quagga cpe:2.3:a:quagga:quagga:0.99.9:::::::* cpe:2.3:a:quagga:quagga:0.99.8:::::::* cpe:2.3:a:quagga:quagga:0.99.7:::::::* cpe:2.3:a:quagga:quagga:0.99.6:::::::* cpe:2.3:a:quagga:quagga:0.99.5:::::::* cpe:2.3:a:quagga:quagga:0.99.4:::::::* cpe:2.3:a:quagga:quagga:0.99.3:::::::* cpe:2.3:a:quagga:quagga:0.99.20:::::::* cpe:2.3:a:quagga:quagga:0.99.2:::::::* cpe:2.3:a:quagga:quagga:0.99.19:::::::* cpe:2.3:a:quagga:quagga:0.99.18:::::::* cpe:2.3:a:quagga:quagga:0.99.17:::::::* cpe:2.3:a:quagga:quagga:0.99.16:::::::* cpe:2.3:a:quagga:quagga:0.99.15:::::::* cpe:2.3:a:quagga:quagga:0.99.14:::::::* cpe:2.3:a:quagga:quagga:0.99.13:::::::* cpe:2.3:a:quagga:quagga:0.99.12:::::::* cpe:2.3:a:quagga:quagga:0.99.11:::::::* cpe:2.3:a:quagga:quagga:0.99.10:::::::* cpe:2.3:a:quagga:quagga:0.99.1:::::::* cpe:2.3:a:quagga:quagga:0.98.6:::::::* cpe:2.3:a:quagga:quagga:0.98.5:::::::* cpe:2.3:a:quagga:quagga:0.98.4:::::::* cpe:2.3:a:quagga:quagga:0.98.3:::::::* cpe:2.3:a:quagga:quagga:0.98.2:::::::* cpe:2.3:a:quagga:quagga:0.98.1:::::::* cpe:2.3:a:quagga:quagga:0.98.0:::::::* cpe:2.3:a:quagga:quagga:0.97.5:::::::* cpe:2.3:a:quagga:quagga:0.97.4:::::::* cpe:2.3:a:quagga:quagga:0.97.3:::::::* cpe:2.3:a:quagga:quagga:0.97.2:::::::* cpe:2.3:a:quagga:quagga:0.97.1:::::::* cpe:2.3:a:quagga:quagga:0.97.0:::::::* cpe:2.3:a:quagga:quagga:0.96.5:::::::* cpe:2.3:a:quagga:quagga:0.96.4:::::::* cpe:2.3:a:quagga:quagga:0.96.3:::::::* cpe:2.3:a:quagga:quagga:0.96.2:::::::* cpe:2.3:a:quagga:quagga:0.96.1:::::::* cpe:2.3:a:quagga:quagga:0.96:::::::* cpe:2.3:a:quagga:quagga:0.95:::::::* cpe:2.3:a:quagga:quagga:-:::::::*	41

OpenVAS Exploits

Date	Description
2012-10-12	Name : Ubuntu Update for quagga USN-1605-1 File : nvt/gb_ubuntu_USN_1605_1.nasl
2012-09-17	Name : CentOS Update for quagga CESA-2012:1258 centos5 File : nvt/gb_CESA-2012_1258_quagga_centos5.nasl
2012-09-17	Name : CentOS Update for quagga CESA-2012:1259 centos6 File : nvt/gb_CESA-2012_1259_quagga_centos6.nasl
2012-09-17	Name : RedHat Update for quagga RHSA-2012:1258-01 File : nvt/gb_RHSA-2012_1258-01_quagga.nasl
2012-09-17	Name : RedHat Update for quagga RHSA-2012:1259-01 File : nvt/gb_RHSA-2012_1259-01_quagga.nasl
2012-08-30	Name : Fedora Update for quagga FEDORA-2012-9103 File : nvt/gb_fedora_2012_9103_quagga_fc17.nasl
2012-08-30	Name : Fedora Update for quagga FEDORA-2012-5352 File : nvt/gb_fedora_2012_5352_quagga_fc17.nasl
2012-08-10	Name : Debian Security Advisory DSA 2497-1 (quagga) File : nvt/deb_2497_1.nasl
2012-08-10	Name : FreeBSD Ports: quagga File : nvt/freebsd_quagga4.nasl
2012-06-22	Name : Fedora Update for quagga FEDORA-2012-9116 File : nvt/gb_fedora_2012_9116_quagga_fc16.nasl
2012-06-22	Name : Fedora Update for quagga FEDORA-2012-9117 File : nvt/gb_fedora_2012_9117_quagga_fc15.nasl
2012-05-17	Name : Ubuntu Update for quagga USN-1441-1 File : nvt/gb_ubuntu_USN_1441_1.nasl
2012-04-30	Name : FreeBSD Ports: quagga File : nvt/freebsd_quagga3.nasl
2012-04-30	Name : Debian Security Advisory DSA 2459-1 (quagga) File : nvt/deb_2459_1.nasl
2012-04-23	Name : Fedora Update for quagga FEDORA-2012-5411 File : nvt/gb_fedora_2012_5411_quagga_fc16.nasl
2012-04-23	Name : Fedora Update for quagga FEDORA-2012-5436 File : nvt/gb_fedora_2012_5436_quagga_fc15.nasl
2012-03-19	Name : Fedora Update for quagga FEDORA-2011-13492 File : nvt/gb_fedora_2011_13492_quagga_fc16.nasl
2012-03-12	Name : Gentoo Security Advisory GLSA 201202-02 (Quagga) File : nvt/glsa_201202_02.nasl
2011-11-18	Name : Ubuntu Update for quagga USN-1261-1 File : nvt/gb_ubuntu_USN_1261_1.nasl
2011-10-21	Name : Fedora Update for quagga FEDORA-2011-13504 File : nvt/gb_fedora_2011_13504_quagga_fc15.nasl
2011-10-21	Name : Fedora Update for quagga FEDORA-2011-13499 File : nvt/gb_fedora_2011_13499_quagga_fc14.nasl
2011-10-16	Name : FreeBSD Ports: quagga File : nvt/freebsd_quagga2.nasl
2011-10-16	Name : Debian Security Advisory DSA 2316-1 (quagga) File : nvt/deb_2316_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
75732	Quagga bgpd IPv4 AS_PATH UPDATE Message Parsing Overflow
75731	Quagga ospfd Link State Advertisement (LSA) Link State Update Message Parsing...
75730	Quagga ospfd Hello Message Parsing Remote IPv4 DoS
75729	Quagga ospf6d Database Description Message Parsing Remote IPv6 DoS
75728	Quagga ospf6d Linkstate Message Parsing Remote IPv6 DoS

Nessus® Vulnerability Scanner

Date	Description
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_quagga_20120821.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_quagga_20120404.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_quagga-111013.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_quagga-111013.nasl - Type : ACT_GATHER_INFO
2013-10-11	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-08.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-90.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-70.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1258.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1259.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-122.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing a security update. File : suse_11_quagga-120430.nasl - Type : ACT_GATHER_INFO
2012-10-12	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1605-1.nasl - Type : ACT_GATHER_INFO
2012-09-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1259.nasl - Type : ACT_GATHER_INFO
2012-09-14	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120912_quagga_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-09-14	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120912_quagga_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-09-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1259.nasl - Type : ACT_GATHER_INFO
2012-09-13	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1258.nasl - Type : ACT_GATHER_INFO
2012-09-13	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1258.nasl - Type : ACT_GATHER_INFO
2012-06-29	Name : The remote service may be affected by a denial of service vulnerability. File : quagga_0_99_21.nasl - Type : ACT_GATHER_INFO
2012-06-29	Name : The remote service may be affected by multiple vulnerabilities. File : quagga_0_99_20_1.nasl - Type : ACT_GATHER_INFO
2012-06-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2497.nasl - Type : ACT_GATHER_INFO
2012-06-29	Name : The remote service may be affected by multiple vulnerabilities. File : quagga_0_99_17.nasl - Type : ACT_GATHER_INFO
2012-06-29	Name : The remote service may be affected by multiple vulnerabilities. File : quagga_0_99_19.nasl - Type : ACT_GATHER_INFO
2012-06-20	Name : The remote Fedora host is missing a security update. File : fedora_2012-9117.nasl - Type : ACT_GATHER_INFO
2012-06-20	Name : The remote Fedora host is missing a security update. File : fedora_2012-9116.nasl - Type : ACT_GATHER_INFO
2012-06-20	Name : The remote Fedora host is missing a security update. File : fedora_2012-9103.nasl - Type : ACT_GATHER_INFO
2012-06-07	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_quagga-8108.nasl - Type : ACT_GATHER_INFO
2012-06-06	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1e14d46faf1f11e1b24200215af774f0.nasl - Type : ACT_GATHER_INFO
2012-05-16	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1441-1.nasl - Type : ACT_GATHER_INFO
2012-04-27	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2459.nasl - Type : ACT_GATHER_INFO
2012-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2012-5436.nasl - Type : ACT_GATHER_INFO
2012-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2012-5411.nasl - Type : ACT_GATHER_INFO
2012-04-20	Name : The remote Fedora host is missing a security update. File : fedora_2012-5352.nasl - Type : ACT_GATHER_INFO
2012-03-26	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_42a2c82a75b911e189b4001ec9578670.nasl - Type : ACT_GATHER_INFO
2012-02-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201202-02.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_quagga-7768.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 11 host is missing a security update. File : suse_11_quagga-110921.nasl - Type : ACT_GATHER_INFO
2011-12-13	Name : The remote SuSE 11 host is missing a security update. File : suse_11_quagga-110920.nasl - Type : ACT_GATHER_INFO
2011-11-16	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1261-1.nasl - Type : ACT_GATHER_INFO
2011-10-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_quagga-7767.nasl - Type : ACT_GATHER_INFO
2011-10-19	Name : The remote Fedora host is missing a security update. File : fedora_2011-13504.nasl - Type : ACT_GATHER_INFO
2011-10-19	Name : The remote Fedora host is missing a security update. File : fedora_2011-13499.nasl - Type : ACT_GATHER_INFO
2011-10-19	Name : The remote Fedora host is missing a security update. File : fedora_2011-13492.nasl - Type : ACT_GATHER_INFO
2011-10-06	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ab9be2c8ef9111e0ad5a00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2011-10-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2316.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:56:20	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	8
Oval ID(s)	13
CPE ID(s)	41
osvdb(s)	5
Openvas Exploit(s)	23
Nessus® Exploit(s)	45

	Related
7.5	CVE-2011-3327
5	CVE-2012-0255
5	CVE-2011-3326
5	CVE-2011-3325
5	CVE-2011-3324
5	CVE-2011-3323
3.3	CVE-2012-0250
3.3	CVE-2012-0249
2.9	VU#962587
2.9	CVE-2012-1820
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 10 more Alert(s)

7.5 - RHSA-2012:1259

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU