CVE-2013-6051
https://notcve.org/view.php?id=CVE-2013-6051
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update. La función bgp_attr_unknown en bgp_attr.c en Quagga 0.99.21 no inicializa correctamente la variable total, lo que permite a atacantes remotos provocar una denegación de servicio (caída bgpd) a través de una actualización manipulada de BGP. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513 http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408 http://www.debian.org/security/2013/dsa-2803 •
CVE-2013-2236 – Quagga: OSPFD Potential remote code exec (stack based buffer overflow)
https://notcve.org/view.php?id=CVE-2013-2236
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. Desbordamiento de pila en la función new_msg_lsa_change_notify en OSPFD API (ospf_api.c) anterior a 0.99.222, cuando las opciones de línea de comandos --enable-opaque-lsa y -a son utilizadas, permite a atacantes rmeotos causar una denegación de servicio (crash) a través de un LSA grande. A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. • http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88 http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt http://rhn.redhat.com/errata/RHSA-2017-0794.html http://seclists.org/oss-sec/2013/q3/24 http://www.debian.org/security/2013/dsa-2803 http://www.securityfocus.com/bid/60955 http://www.ubuntu.com/usn/USN-2941-1 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2012-1820 – (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)
https://notcve.org/view.php?id=CVE-2012-1820
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. La función bgp_capability_orf de bgpd de Quagga 0.99.20.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y finalización del demonio) basándose en una relación "BGP peering" y enviando información mal formada de "Outbound Route Filtering (ORF) capability TLV" en un mensaje OPEN. • http://rhn.redhat.com/errata/RHSA-2012-1259.html http://secunia.com/advisories/50941 http://www.debian.org/security/2012/dsa-2497 http://www.kb.cert.org/vuls/id/962587 http://www.securityfocus.com/bid/53775 http://www.ubuntu.com/usn/USN-1605-1 https://access.redhat.com/security/cve/CVE-2012-1820 https://bugzilla.redhat.com/show_bug.cgi?id=817580 •
CVE-2012-0250 – (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures
https://notcve.org/view.php?id=CVE-2012-0250
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. Desbordamiento de búfer en la implementación de OSPFv2 en ospfd en Quagga antes de v0.99.20.1 permite a atacantes remotos causar una denegación de servicio (caída del demonio) a través de un paquete de actualización de estado de enlace (también conocido como LS Update) que contiene una anuncio de estado de enlace de una red LSA de longitud es menor que el valor en el campo longitud de la cabecera. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html http://rhn.redhat.com/errata/RHSA-2012-1258.html http://rhn.redhat.com/errata/RHSA-2012-1259.html http://secunia.com/advisories/48949 http://www.debian.org/security/2012/dsa-2459 http://www.kb.cert.org/vuls/id/551715 https://access.redhat.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0255 – (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message
https://notcve.org/view.php?id=CVE-2012-0255
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). La implementación de BGP en bgpd en Quagga antes v0.99.20.1 no utiliza adecuadamente los búferes de mensajes para los mensajes marcados como OPEN, lo que permite a atacantes remotos provocar una denegación de servicio (error de aserción y salida del demonio) a través de un mensaje asociado con un ASN de cuatro octetos mal formado(también conocido como funcionalidad AS4). • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html http://rhn.redhat.com/errata/RHSA-2012-1259.html http://secunia.com/advisories/48949 http://www.debian.org/security/2012/dsa-2459 http://www.kb.cert.org/vuls/id/551715 https://access.redhat.com/security/cve/CVE-2012-0255 https://bugzilla.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •