CVE-2016-1245

quagga: Buffer Overflow in IPv6 RA handling

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

Se descubrió que el demonio zebra en Quagga en versiones anteriores a 1.0.20161017 sufrió un desbordamiento de búfer basado en pila al procesar mensajes de Neighbor Discovery de IPv6. La causa raíz radicaba en BUFSIZ para ser compatible con un tamaño de mensaje; sin embargo, BUFSIZ depende del sistema.

A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-12-27 CVE Reserved
2016-10-19 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121: Stack-based Buffer Overflow

CAPEC

References (8)

URL	Tag	Source
http://www.gossamer-threads.com/lists/quagga/users/31952	Mailing List
http://www.securityfocus.com/bid/93775	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546	2018-01-05

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2017-0794.html	2018-01-05
https://bugzilla.redhat.com/show_bug.cgi?id=1386109	2017-03-21
https://security.gentoo.org/glsa/201701-48	2018-01-05
https://www.debian.org/security/2016/dsa-3695	2018-01-05
https://access.redhat.com/security/cve/CVE-2016-1245	2017-03-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Quagga Search vendor "Quagga"		Quagga Search vendor "Quagga" for product "Quagga"				<= 1.0.20160315 Search vendor "Quagga" for product "Quagga" and version " <= 1.0.20160315"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected