Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 408507 (CVE-2012-0249) - <net-misc/quagga-0.99.21: Multiple Vulnerabilities (CVE-2012-{0249,0250,0255,1820})
Summary: <net-misc/quagga-0.99.21: Multiple Vulnerabilities (CVE-2012-{0249,0250,0255,...
Status: RESOLVED FIXED
Alias: CVE-2012-0249
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/48388/
Whiteboard: B3 [glsa]
Keywords:
Depends on: 446289 446346
Blocks:
  Show dependency tree
 
Reported: 2012-03-16 15:58 UTC by Agostino Sarubbo
Modified: 2013-10-10 12:08 UTC (History)
7 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-03-16 15:58:49 UTC
From secunia security advisory at $URL:

Description:
1) Two errors exist within ospfd. No further information is currently available.

2) An error within the "bgp_open_receive()" function (bgpd/bgp_packet.c) when parsing a peer input stream can be exploited to trigger an assertion and cause a crash.

The vulnerabilities are reported in versions prior to 0.99.20.1.


Solution:
Update to version 0.99.20.1.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-04-10 21:25:18 UTC
CVE-2012-0255 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255):
  The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly
  use message buffers for OPEN messages, which allows remote attackers to
  cause a denial of service (assertion failure and daemon exit) via a message
  associated with a malformed Four-octet AS Number Capability (aka AS4
  capability).

CVE-2012-0250 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250):
  Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before
  0.99.20.1 allows remote attackers to cause a denial of service (daemon
  crash) via a Link State Update (aka LS Update) packet containing a
  network-LSA link-state advertisement for which the data-structure length is
  smaller than the value in the Length header field.

CVE-2012-0249 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249):
  Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the
  OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote
  attackers to cause a denial of service (assertion failure and daemon exit)
  via a Link State Update (aka LS Update) packet that is smaller than the
  length specified in its header.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 19:11:44 UTC
CVE-2012-1820 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820):
  The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier
  allows remote attackers to cause a denial of service (assertion failure and
  daemon exit) by leveraging a BGP peering relationship and sending a
  malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
Comment 3 Sergey Popov gentoo-dev Security 2012-12-05 08:05:54 UTC
0.99.21 is in tree now.

Arches, please test and mark stable =net-misc/quagga-0.99.21

Target keywords: alpha amd64 arm hppa ppc s390 sparc x86
Comment 4 Jeroen Roovers gentoo-dev 2012-12-05 17:04:21 UTC
Please get rid of USE=logrotate (see bug #198901).
Comment 5 Jeroen Roovers gentoo-dev 2012-12-05 17:07:25 UTC
(In reply to comment #4)
> Please get rid of USE=logrotate (see bug #198901).

Fixed that.
Comment 6 Jeroen Roovers gentoo-dev 2012-12-05 23:53:10 UTC
Stable for HPPA.
Comment 7 Agostino Sarubbo gentoo-dev 2012-12-07 10:25:05 UTC
since there are at least 2 compile failures, I'm wondering on how hppa has tested it.
Comment 8 Agostino Sarubbo gentoo-dev 2012-12-08 12:23:22 UTC
amd64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2012-12-08 12:23:49 UTC
x86 stable
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2012-12-15 20:14:05 UTC
alpha/arm/s390/sparc stable
Comment 11 Agostino Sarubbo gentoo-dev 2012-12-22 15:20:44 UTC
ppc stable
Comment 12 Sean Amoss gentoo-dev Security 2012-12-23 00:18:15 UTC
Thanks, everyone.

GLSA vote: yes.
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2013-01-02 19:09:02 UTC
GLSA Vote: yes, too. New GLSA request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-10-10 12:08:06 UTC
This issue was resolved and addressed in
 GLSA 201310-08 at http://security.gentoo.org/glsa/glsa-201310-08.xml
by GLSA coordinator Sean Amoss (ackle).