FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

quagga -- multiple vulnerabilities

Affected packages
quagga < 0.99.19

Details

VuXML ID ab9be2c8-ef91-11e0-ad5a-00215c6a37bb
Discovery 2011-09-26
Entry 2011-10-05

CERT-FI reports:

Five vulnerabilities have been found in the BGP, OSPF, and OSPFv3 components of Quagga. The vulnerabilities allow an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified packets to an affected server. Routing messages are typically accepted from the routing peers. Exploiting these vulnerabilities may require an established routing session (BGP peering or OSPF/OSPFv3 adjacency) to the router.

The vulnerability CVE-2011-3327 is related to the extended communities handling in BGP messages. Receiving a malformed BGP update can result in a buffer overflow and disruption of IPv4 routing.

The vulnerability CVE-2011-3326 results from the handling of LSA (Link State Advertisement) states in the OSPF service. Receiving a modified Link State Update message with malicious state information can result in denial of service in IPv4 routing.

The vulnerability CVE-2011-3325 is a denial of service vulnerability related to Hello message handling by the OSPF service. As Hello messages are used to initiate adjacencies, exploiting the vulnerability may be feasible from the same broadcast domain without an established adjacency. A malformed packet may result in denial of service in IPv4 routing.

The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving modified Database Description and Link State Update messages, respectively, can result in denial of service in IPv6 routing.

References

CVE Name CVE-2011-3323
CVE Name CVE-2011-3324
CVE Name CVE-2011-3325
CVE Name CVE-2011-3326
CVE Name CVE-2011-3327