CVE-2011-3323 – (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
https://notcve.org/view.php?id=CVE-2011-3323
The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. La implementación de OSPFv3 en ospf6d en Quagga anteriores a v0.99.19 permite a atacantes remotos causar una denegación de servicio (acceso de memoria fuera de rango y la caída del demonio) a través de un mensaje de actualización de enlace del Estado con una longitud de prefijo IPv6 inválida. • http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=abc7ef44ca05493500865ce81f7b84f5c4eb6594 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html http://rhn.redhat.com/errata/RHSA-2012-1258.html http://rhn.redhat.com/errata/RHSA-2012-1259.html http://secun • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2011-3325 – (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
https://notcve.org/view.php?id=CVE-2011-3325
ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. ospf_packet.c en ospfd en Quagga anterior a v0.99.19 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través (1) un tipo de campo 0x0a en una cabecera del paquete en IPv4 o (2) un paquete Hello IPv4 truncado. • http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=61ab0301606053192f45c188bc48afc837518770 http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=717750433839762d23a5f8d88fe0b4d57c8d490a http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html http://rhn.redhat.com/errata/RHSA • CWE-399: Resource Management Errors •
CVE-2011-3324 – (ospf6d): Denial of service by decoding malformed Database Description packet headers
https://notcve.org/view.php?id=CVE-2011-3324
The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. La función ospf6_lsa_is_changed en ospf6_lsa.c en la ejecución de OSPFv3 en ospf6d en Quagga anteriores a v0.99.19 permite a atacantes remotos causar una denegación de servicio (error de aserción y caída del demonio) a través de la inclusión de valores cero en la cabecera de la lista del Link State Advertisement (LSA) de una descripción de mensaje de base de datos. • http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=09395e2a0e93b2cf4258cb1de91887948796bb68 http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html http://rhn.redhat.com/errata/RHSA-2012-1258.html http://rhn.redhat.com/errata/RHSA-2012-1259.html http://secun • CWE-399: Resource Management Errors •
CVE-2010-1674 – quagga: DoS (crash) by processing malformed extended community attribute in a route
https://notcve.org/view.php?id=CVE-2010-1674
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. El parser "extended-community" de bgpd de Quagga en versiones anteriores a la 0.99.18 permite a atacantes remotos provocar una denegación de servicio (resolución de puntero NULL y caída de la aplicación) a través de un atributo "Extended Communities" mal formado. • http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html http://rhn.redhat.com/errata/RHSA-2012-1258.html http://secunia.com/advisories/43499 http://secunia.com/advisories/43770 http://secunia.com/advisories/48106 http://security.gentoo.org/glsa/glsa-201202-02.xml http://www.debian.org/security/2011/dsa-2197 http://www.mandriva.com/security/advisories?name=MDVSA-2011:058 http://www.o •
CVE-2010-1675 – quagga: BGP session reset by processing BGP Update message with malformed AS-path attributes
https://notcve.org/view.php?id=CVE-2010-1675
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. bgpd de Quagga en versiones anteriores a la 0.99.18 permite a atacantes remotos provocar una denegación de servicio (reinicio de la sesión) a traés de un atributo de ruta AS_PATHLIMIT mal formado. • http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html http://secunia.com/advisories/43499 http://secunia.com/advisories/43770 http://secunia.com/advisories/48106 http://security.gentoo.org/glsa/glsa-201202-02.xml http://www.debian.org/security/2011/dsa-2197 http://www.mandriva.com/security/advisories?name=MDVSA-2011:058 http://www.osvdb.org/71258 http://www.quagga.net/news2.php?y& • CWE-399: Resource Management Errors •