PT-2012-1080 · Quagga+3 · Quagga+3

Martin Winter

Published

2012-04-05

Updated

2018-01-18

CVE-2012-0249

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Quagga versions prior to 0.99.20.1 Quagga versions prior to 0.99.22.4

Description The issue is related to a buffer overflow in the ospf ls upd list lsa function in ospf packet.c in the OSPFv2 implementation in ospfd. This can be exploited by remote attackers via a Link State Update packet that is smaller than the length specified in its header, leading to a denial of service. Multiple vulnerabilities in the Quagga package can also lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For Quagga versions prior to 0.99.20.1, update to version 0.99.20.1 or later. For Quagga versions prior to 0.99.22.4, update to version 0.99.22.4 or later. As a temporary workaround, consider restricting access to the OSPFv2 implementation to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

AZL-44544

BDU:2015-06496

BDU:2015-06499

BDU:2015-06500

BDU:2015-06503

BDU:2015-08791

BDU:2015-08792

BDU:2015-08793

BDU:2015-08794

BDU:2015-09708

CESA-2012_1259

CVE-2012-0249

DSA-2459-1

RHSA-2012:1258

RHSA-2012:1259

RHSA-2012_1258

RHSA-2012_1259

SUSE-SU-2012_0706-1

Affected Products

Centos

Quagga

Red Hat

Suse

PT-2012-1080 · Quagga+3 · Quagga+3

CVE-2012-0249

Weakness Enumeration

Related Identifiers

Affected Products

References · 24