Executive Summary

Informations
Name MDVSA-2013:122 First vendor Publication 2013-04-10
Vendor Mandriva Last vendor Modification 2013-04-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 2.9 Attack Range Adjacent network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 5.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated quagga package fixes security vulnerability:

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message (CVE-2012-1820).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:122

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18013
 
Oval ID: oval:org.mitre.oval:def:18013
Title: USN-1605-1 -- quagga vulnerability
Description: Quagga could be made to crash if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1605-1
CVE-2012-1820
 Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
 Product(s): quagga
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18294
 
Oval ID: oval:org.mitre.oval:def:18294
Title: DSA-2497-1 quagga - denial of service
Description: It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.
Family: unix Class: patch
Reference(s): DSA-2497-1
CVE-2012-1820
 Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): quagga
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21278
 
Oval ID: oval:org.mitre.oval:def:21278
Title: RHSA-2012:1259: quagga security update (Moderate)
Description: The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
Family: unix Class: patch
Reference(s): RHSA-2012:1259-01
CESA-2012:1259
CVE-2011-3323
CVE-2011-3324
CVE-2011-3325
CVE-2011-3326
CVE-2011-3327
CVE-2012-0249
CVE-2012-0250
CVE-2012-0255
CVE-2012-1820
 Version: 120
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
 Product(s): quagga
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23882
 
Oval ID: oval:org.mitre.oval:def:23882
Title: ELSA-2012:1259: quagga security update (Moderate)
Description: The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
Family: unix Class: patch
Reference(s): ELSA-2012:1259-01
CVE-2011-3323
CVE-2011-3324
CVE-2011-3325
CVE-2011-3326
CVE-2011-3327
CVE-2012-0249
CVE-2012-0250
CVE-2012-0255
CVE-2012-1820
 Version: 41
Platform(s): Oracle Linux 6
 Product(s): quagga
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27848
 
Oval ID: oval:org.mitre.oval:def:27848
Title: DEPRECATED: ELSA-2012-1259 -- quagga security update (moderate)
Description: [0.99.15-7.2] - improve fix for CVE-2011-3325 [0.99.15-7.1] - fix CVE-2011-3323 - fix CVE-2011-3324 - fix CVE-2011-3325 - fix CVE-2011-3326 - fix CVE-2011-3327 - fix CVE-2012-0255 - fix CVE-2012-0249 and CVE-2012-0250 - fix CVE-2012-1820 [0.99.15-7] - Resolves: #684751 - CVE-2010-1674 CVE-2010-1675 quagga various flaws [0.99.15-6] - Resolves: #644832 - CVE-2010-2948 CVE-2010-2949 quagga various flaws
Family: unix Class: patch
Reference(s): ELSA-2012-1259
CVE-2011-3323
CVE-2011-3324
CVE-2011-3325
CVE-2011-3326
CVE-2011-3327
CVE-2012-0249
CVE-2012-0250
CVE-2012-0255
CVE-2012-1820
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): quagga
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 41

OpenVAS Exploits

Date Description
2012-10-12 Name : Ubuntu Update for quagga USN-1605-1
File : nvt/gb_ubuntu_USN_1605_1.nasl
2012-09-17 Name : CentOS Update for quagga CESA-2012:1259 centos6
File : nvt/gb_CESA-2012_1259_quagga_centos6.nasl
2012-09-17 Name : RedHat Update for quagga RHSA-2012:1259-01
File : nvt/gb_RHSA-2012_1259-01_quagga.nasl
2012-08-30 Name : Fedora Update for quagga FEDORA-2012-9103
File : nvt/gb_fedora_2012_9103_quagga_fc17.nasl
2012-08-10 Name : Debian Security Advisory DSA 2497-1 (quagga)
File : nvt/deb_2497_1.nasl
2012-08-10 Name : FreeBSD Ports: quagga
File : nvt/freebsd_quagga4.nasl
2012-06-22 Name : Fedora Update for quagga FEDORA-2012-9116
File : nvt/gb_fedora_2012_9116_quagga_fc16.nasl
2012-06-22 Name : Fedora Update for quagga FEDORA-2012-9117
File : nvt/gb_fedora_2012_9117_quagga_fc15.nasl

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_quagga_20120821.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-08.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-90.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1259.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-122.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_quagga-120430.nasl - Type : ACT_GATHER_INFO
2012-10-12 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1605-1.nasl - Type : ACT_GATHER_INFO
2012-09-14 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120912_quagga_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-09-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1259.nasl - Type : ACT_GATHER_INFO
2012-09-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1259.nasl - Type : ACT_GATHER_INFO
2012-06-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2497.nasl - Type : ACT_GATHER_INFO
2012-06-29 Name : The remote service may be affected by a denial of service vulnerability.
File : quagga_0_99_21.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9117.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9116.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9103.nasl - Type : ACT_GATHER_INFO
2012-06-07 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_quagga-8108.nasl - Type : ACT_GATHER_INFO
2012-06-06 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1e14d46faf1f11e1b24200215af774f0.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:43:41
  • Multiple Updates
2013-04-10 17:18:28
  • First insertion