| Summary: | <net-misc/quagga-1.0.20160315-r4: Buffer Overflow in IPv6 RA handling (CVE-2016-1245) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | pinkbyte |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1386109 | ||
| Whiteboard: | C2 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
commit 5a041e0100b705ec223a925e656373b9b0e40fa7 Author: Sergey Popov <pinkbyte@gentoo.org> Date: Tue Oct 18 18:25:41 2016 +0300 net-misc/quagga: revision bump Backport upstream security fix for stack overrun in IPv6 RA receive code in zebra daemon. Reported-by: Agostino Sarubbo <ago@gentoo.org> Gentoo-Bug: 597410 Package-Manager: portage-2.3.2 Arches, please test and mark stable =net-misc/quagga-1.0.20160315-r4 Target keywords: alpha amd64 arm hppa ppc sparc x86 amd64 stable x86 stable Stable on alpha. Stable for HPPA. arm stable ppc/sparc stable GLSA request filed Changing rating to C2 to reflect that the default configuration is not affected, i.e. to be affected you have to turn on neighbor discovery by your own (see https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html). This issue was resolved and addressed in GLSA 201701-48 at https://security.gentoo.org/glsa/201701-48 by GLSA coordinator Aaron Bauman (b-man). |
From ${URL} : A buffer overflow exists in the IPv6 (Router Advertisement) code in Zebra. The issue can be triggered on an IPv6 address where the Quagga daemon is reachable by a RA (Router Advertisement or IPv6 ICMP message. The issue leads to a crash of the zebra daemon. In specific circumstances this vulnerability may allow remote code execution. Upstream patch: https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546 References: http://www.gossamer-threads.com/lists/quagga/users/31952 Workarounds: Disable IPv6 neighbor discovery announcements on all interfaces ("ipv6 nd suppress-ra" configured under all interfaces). Make sure to have it disabled on ALL interfaces. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.