PT-2011-5216 · Quagga+2
Jukka Taimisto +2 · Published 1970-01-01 · Updated 2018-01-06
CVE-2011-3323
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Quagga versions prior to 0.99.19
Quagga versions 0.99.15 and earlier
Description
The issue affects the Quagga package: remote attackers can cause a denial of service by sending a Link State Update message with an invalid IPv6 prefix length. This can disrupt the confidentiality, integrity, and availability of protected information.
Recommendations
For Quagga versions prior to 0.99.19, update to version 0.99.19 or later to resolve the issue.
For Quagga versions 0.99.15 and earlier, update to a version later than 0.99.15 to mitigate the risk.
As a temporary workaround, consider restricting access to the ospf6d implementation until a patch is available.
Fix
DoS
Buffer Overflow
Affected Products
CentOS
Quagga
Red Hat