Executive Summary
Summary | |
---|---|
Title | Quagga BGP OPEN denial of service vulnerability |
Information | |||
---|---|---|---|
Name | VU#962587 | First vendor Publication | 2012-06-04 |
Vendor | VU-CERT | Last vendor Modification | 2012-06-11 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.9 | Attack Range | Adjacent network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 5.5 | Authentication | None Required |
Detail
Vulnerability Note VU#962587
Quagga BGP OPEN denial of service vulnerability
Overview
Quagga, a routing software suite, contains a BGP OPEN vulnerability that results in a denial-of-service condition.
Description
Impact
Solution
Vendor Information
CVSS Metrics
References
Credit
Thanks to Denis Ovsienko for reporting this vulnerability. This document was written by Michael Orlando.
Other Information
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email. This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify
Original Source
Url : http://www.kb.cert.org/vuls/id/962587 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18013 | |||
Oval ID: | oval:org.mitre.oval:def:18013 | ||
Title: | USN-1605-1 -- quagga vulnerability | ||
Description: | Quagga could be made to crash if it received specially crafted network traffic. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1605-1 CVE-2012-1820 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | quagga |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18294 | |||
Oval ID: | oval:org.mitre.oval:def:18294 | ||
Title: | DSA-2497-1 quagga - denial of service | ||
Description: | It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2497-1 CVE-2012-1820 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | quagga |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21278 | |||
Oval ID: | oval:org.mitre.oval:def:21278 | ||
Title: | RHSA-2012:1259: quagga security update (Moderate) | ||
Description: | The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1259-01 CESA-2012:1259 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 | Version: | 120 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | quagga |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23882 | |||
Oval ID: | oval:org.mitre.oval:def:23882 | ||
Title: | ELSA-2012:1259: quagga security update (Moderate) | ||
Description: | The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1259-01 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 | Version: | 41 |
Platform(s): | Oracle Linux 6 | Product(s): | quagga |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27848 | |||
Oval ID: | oval:org.mitre.oval:def:27848 | ||
Title: | DEPRECATED: ELSA-2012-1259 -- quagga security update (moderate) | ||
Description: | [0.99.15-7.2] - improve fix for CVE-2011-3325 [0.99.15-7.1] - fix CVE-2011-3323 - fix CVE-2011-3324 - fix CVE-2011-3325 - fix CVE-2011-3326 - fix CVE-2011-3327 - fix CVE-2012-0255 - fix CVE-2012-0249 and CVE-2012-0250 - fix CVE-2012-1820 [0.99.15-7] - Resolves: #684751 - CVE-2010-1674 CVE-2010-1675 quagga various flaws [0.99.15-6] - Resolves: #644832 - CVE-2010-2948 CVE-2010-2949 quagga various flaws | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1259 CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 CVE-2012-1820 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | quagga |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-12 | Name : Ubuntu Update for quagga USN-1605-1 File : nvt/gb_ubuntu_USN_1605_1.nasl |
2012-09-17 | Name : CentOS Update for quagga CESA-2012:1259 centos6 File : nvt/gb_CESA-2012_1259_quagga_centos6.nasl |
2012-09-17 | Name : RedHat Update for quagga RHSA-2012:1259-01 File : nvt/gb_RHSA-2012_1259-01_quagga.nasl |
2012-08-30 | Name : Fedora Update for quagga FEDORA-2012-9103 File : nvt/gb_fedora_2012_9103_quagga_fc17.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2497-1 (quagga) File : nvt/deb_2497_1.nasl |
2012-08-10 | Name : FreeBSD Ports: quagga File : nvt/freebsd_quagga4.nasl |
2012-06-22 | Name : Fedora Update for quagga FEDORA-2012-9116 File : nvt/gb_fedora_2012_9116_quagga_fc16.nasl |
2012-06-22 | Name : Fedora Update for quagga FEDORA-2012-9117 File : nvt/gb_fedora_2012_9117_quagga_fc15.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_quagga_20120821.nasl - Type : ACT_GATHER_INFO |
2013-10-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-08.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-90.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1259.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-122.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_quagga-120430.nasl - Type : ACT_GATHER_INFO |
2012-10-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1605-1.nasl - Type : ACT_GATHER_INFO |
2012-09-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120912_quagga_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-09-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1259.nasl - Type : ACT_GATHER_INFO |
2012-09-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1259.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2497.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote service may be affected by a denial of service vulnerability. File : quagga_0_99_21.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9117.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9116.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9103.nasl - Type : ACT_GATHER_INFO |
2012-06-07 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_quagga-8108.nasl - Type : ACT_GATHER_INFO |
2012-06-06 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1e14d46faf1f11e1b24200215af774f0.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:08:19 |
|