Executive Summary

Summary
Title : Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability
Information
Name : VU#270232 | First vendor Publication : 2016-03-10
Vendor : VU-CERT | Last vendor Modification : 2016-03-10
Severity (Vendor) : N/A | Revision : M

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score : 7.6 | Attack Range : Network
Cvss Impact Score : 10 | Attack Complexity : High
Cvss Exploit Score : 4.9 | Authentication : None Required

Detail

Vulnerability Note VU#270232

Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability

Original Release date: 10 Mar 2016 | Last revised: 10 Mar 2016

Overview

Quagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in bgpd with BGP peers enabled for VPNv4 that may be leveraged to gain code execution.

Description

CWE-121: Stack-based Buffer Overflow - CVE-2016-2342

Quagga is a software routing suite that implements numerous routing protocols for Unix-based platforms. A memcpy call in the VPNv4 NLRI parser of bgp_mplsvpn.c does not properly check the upper bound on the length of received Labeled-VPN SAFI route data, which may overflow a stack buffer and allow arbitrary code execution. Note that hosts are only vulnerable if bgpd is running with BGP peers enabled for VPNv4, which is not a default configuration. For more details, refer to the Quagga changelog and commit notes.
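The kind of upper-bound check the description says was missing, shown in a stand-alone parser for one VPNv4 NLRI entry. This is an added example, not Quagga's code or its patch; the struct, function and sample names are hypothetical, and the field layout (length octet in bits, 3-octet label, 8-octet route distinguisher, IPv4 prefix) is the RFC 4364 encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One VPNv4 NLRI entry (RFC 4364 layout): 1 length octet counting bits,
 * 3-octet MPLS label, 8-octet route distinguisher, 0..4 octets of IPv4 prefix. */
#define LABEL_LEN 3
#define RD_LEN    8
#define HDR_BITS  ((LABEL_LEN + RD_LEN) * 8)   /* 88 bits before the prefix */
#define IPV4_BITS 32

struct vpnv4_route {               /* hypothetical output type */
    uint8_t label[LABEL_LEN], rd[RD_LEN], prefix[4];
    uint8_t prefix_bits;
};

/* Parse one entry from buf[0..len). Returns octets consumed, or -1 if malformed. */
int parse_vpnv4_entry(const uint8_t *buf, size_t len, struct vpnv4_route *out)
{
    if (len < 1) return -1;
    unsigned bits = buf[0];
    size_t psize = (bits + 7) / 8;             /* octets after the length octet */

    if (psize > len - 1) return -1;            /* entry runs past received data */
    if (bits < HDR_BITS) return -1;            /* cannot hold label + RD */
    if (bits > HDR_BITS + IPV4_BITS) return -1; /* upper bound: prefix[] is 4 octets */

    size_t plen = psize - LABEL_LEN - RD_LEN;  /* 0..4 after the checks above */
    memset(out, 0, sizeof *out);
    memcpy(out->label, buf + 1, LABEL_LEN);
    memcpy(out->rd, buf + 1 + LABEL_LEN, RD_LEN);
    memcpy(out->prefix, buf + 1 + LABEL_LEN + RD_LEN, plen);
    out->prefix_bits = (uint8_t)(bits - HDR_BITS);
    return (int)(1 + psize);
}

/* Constructed samples: a valid 10.1.2.0/24 entry, and one whose length octet
 * claims 255 bits (zero-filled so the data really is present in the buffer). */
static const uint8_t sample_ok[] = { 112, 0,0,1, 0,0,0,100,0,0,0,1, 10,1,2 };
static const uint8_t sample_long[33] = { 255 };

int main(void)
{
    struct vpnv4_route r;
    printf("ok:   %d\n", parse_vpnv4_entry(sample_ok, sizeof sample_ok, &r));
    printf("long: %d\n", parse_vpnv4_entry(sample_long, sizeof sample_long, &r));
    return 0;
}
```

The order of the checks matters: the copy length is derived from the peer-supplied length octet, so both the received-data bound and the destination-size bound are enforced before any memcpy runs.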

Impact

A malicious BGP peer may execute arbitrary code on remote bgpd hosts that have BGP peers enabled for VPNv4.

Solution

Apply an update

Quagga has released version 1.0.20160309 which addresses this issue.

Vendor Information

Vendor | Status | Date Notified | Date Updated
Quagga | Affected | 24 Nov 2015 | 10 Mar 2016

CVSS Metrics

Group | Score | Vector
Base | 7.6 | AV:N/AC:H/Au:N/C:C/I:C/A:C
Temporal | 6.0 | E:POC/RL:OF/RC:C
Environmental | 1.5 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

  • http://www.quagga.net/
  • http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt
  • http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442

Credit

Thanks to Kostya Kortchinsky for reporting this vulnerability.

This document was written by Joel Land.

Other Information

  • CVE IDs: CVE-2016-2342
  • Date Public: 10 Mar 2016
  • Date First Published: 10 Mar 2016
  • Date Last Updated: 10 Mar 2016
  • Document Revision: 12


Original Source

Url : http://www.kb.cert.org/vuls/id/270232

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1
Os | | 2

Nessus® Vulnerability Scanner

Date | Description
2017-04-06 | Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170321_quagga_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2017-03-30 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-0794.nasl - Type : ACT_GATHER_INFO
2017-03-27 | Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-0794.nasl - Type : ACT_GATHER_INFO
2017-03-22 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0794.nasl - Type : ACT_GATHER_INFO
2016-11-21 | Name : The remote Fedora host is missing a security update.
File : fedora_2016-8acc6b66f1.nasl - Type : ACT_GATHER_INFO
2016-11-04 | Name : The remote Fedora host is missing a security update.
File : fedora_2016-568c7ff4f6.nasl - Type : ACT_GATHER_INFO
2016-11-04 | Name : The remote Fedora host is missing a security update.
File : fedora_2016-cae6456f63.nasl - Type : ACT_GATHER_INFO
2016-10-11 | Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201610-03.nasl - Type : ACT_GATHER_INFO
2016-04-05 | Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0936-1.nasl - Type : ACT_GATHER_INFO
2016-04-05 | Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0946-1.nasl - Type : ACT_GATHER_INFO
2016-03-28 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3532.nasl - Type : ACT_GATHER_INFO
2016-03-25 | Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-396.nasl - Type : ACT_GATHER_INFO
2016-03-25 | Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2941-1.nasl - Type : ACT_GATHER_INFO
2016-03-24 | Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-383.nasl - Type : ACT_GATHER_INFO
2016-03-11 | Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_70c44cd0e71711e585be14dae9d210b8.nasl - Type : ACT_GATHER_INFO

Alert History

Date | Information
2016-03-22 05:27:45
  • Multiple Updates
2016-03-17 21:30:23
  • Multiple Updates
2016-03-11 00:29:12
  • Multiple Updates
2016-03-11 00:23:53
  • First insertion