PT-2012-1081 · Quagga+3 · Quagga+3

Martin Winter

Publicado

2012-04-05

Atualizado

2018-01-18

CVE-2012-0250

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Quagga versions prior to 0.99.20.1 Quagga versions prior to 0.99.22.4

Description The issue concerns multiple vulnerabilities in the Quagga package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service (daemon crash) via a Link State Update packet. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Quagga versions prior to 0.99.20.1, update to version 0.99.20.1 or later to resolve the issue. For Quagga versions prior to 0.99.22.4, update to version 0.99.22.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the OSPFv2 implementation in ospfd to minimize the risk of exploitation.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

AZL-44247

BDU:2015-06496

BDU:2015-06499

BDU:2015-06500

BDU:2015-06503

BDU:2015-08791

BDU:2015-08792

BDU:2015-08793

BDU:2015-08794

BDU:2015-09708

CESA-2012_1259

CVE-2012-0250

DSA-2459-1

RHSA-2012:1258

RHSA-2012:1259

RHSA-2012_1258

RHSA-2012_1259

Produtos afetados

Centos

Quagga

Red Hat

Suse

PT-2012-1081 · Quagga+3 · Quagga+3

CVE-2012-0250

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23