PT-2012-1080 · Quagga+3 · Quagga+3

Martin Winter

Publicado

2012-04-05

Atualizado

2018-01-18

CVE-2012-0249

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Quagga versions prior to 0.99.20.1 Quagga versions prior to 0.99.22.4

Description The issue is related to a buffer overflow in the ospf ls upd list lsa function in ospf packet.c in the OSPFv2 implementation in ospfd. This can be exploited by remote attackers via a Link State Update packet that is smaller than the length specified in its header, leading to a denial of service. Multiple vulnerabilities in the Quagga package can also lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For Quagga versions prior to 0.99.20.1, update to version 0.99.20.1 or later. For Quagga versions prior to 0.99.22.4, update to version 0.99.22.4 or later. As a temporary workaround, consider restricting access to the OSPFv2 implementation to minimize the risk of exploitation.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

AZL-44544

BDU:2015-06496

BDU:2015-06499

BDU:2015-06500

BDU:2015-06503

BDU:2015-08791

BDU:2015-08792

BDU:2015-08793

BDU:2015-08794

BDU:2015-09708

CESA-2012_1259

CVE-2012-0249

DSA-2459-1

RHSA-2012:1258

RHSA-2012:1259

RHSA-2012_1258

RHSA-2012_1259

SUSE-SU-2012_0706-1

Produtos afetados

Centos

Quagga

Red Hat

Suse

PT-2012-1080 · Quagga+3 · Quagga+3

CVE-2012-0249

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24