Bug 597410 (CVE-2016-1245) - <net-misc/quagga-1.0.20160315-r4: Buffer Overflow in IPv6 RA handling (CVE-2016-1245)
Summary: <net-misc/quagga-1.0.20160315-r4: Buffer Overflow in IPv6 RA handling (CVE-20...
Status: RESOLVED FIXED
Alias: CVE-2016-1245
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: C2 [glsa cve]
Reported: 2016-10-18 09:03 UTC by Agostino Sarubbo
Modified: 2017-01-21 05:49 UTC
Description Agostino Sarubbo gentoo-dev 2016-10-18 09:03:18 UTC
From ${URL} :

A buffer overflow exists in the IPv6 (Router Advertisement) code in Zebra. The issue can be triggered on an IPv6 address where the Quagga daemon is reachable by an RA (Router Advertisement) or IPv6 ICMP message. The issue leads to a crash of the zebra daemon. In specific circumstances this vulnerability may allow remote code execution.

Upstream patch:

https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546

References:

http://www.gossamer-threads.com/lists/quagga/users/31952

Workarounds:

Disable IPv6 neighbor discovery announcements on all interfaces ("ipv6 nd suppress-ra" configured under all interfaces). Make sure to have it disabled on ALL interfaces.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
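
One way to audit a zebra.conf against the workaround quoted above (an added example, not part of the bug report and not Quagga project code): it reports the RA state of each interface stanza and lists the stanzas that lack an explicit `ipv6 nd suppress-ra`. The sample config is constructed, the function names are hypothetical, and the code assumes the usual layout in which sub-commands are indented under `interface NAME` and a later statement in a stanza overrides an earlier one.

```python
import re

# Constructed zebra.conf sample; interface names are made up.
SAMPLE_ZEBRA_CONF = """\
interface eth0
 no ipv6 nd suppress-ra
!
interface eth1
 ipv6 nd suppress-ra
!
interface eth2
 description uplink
!
interface lo
 no ipv6 nd suppress-ra
 ipv6 nd suppress-ra
!
"""

_IFACE = re.compile(r"^interface\s+(\S+)")
_RA = re.compile(r"^\s+(no\s+)?ipv6\s+nd\s+suppress-ra\s*$")


def audit_suppress_ra(conf_text):
    """Map each interface stanza to 'suppressed', 'enabled' or 'unset'.

    Assumption of this example: the last matching statement in a stanza wins.
    """
    states, current = {}, None
    for line in conf_text.splitlines():
        if not line.strip():
            continue
        iface = _IFACE.match(line)
        if iface:
            current = iface.group(1)
            states.setdefault(current, "unset")
        elif not line[0].isspace():
            current = None  # '!' or another top-level command ends the stanza
        elif current and (ra := _RA.match(line)):
            states[current] = "enabled" if ra.group(1) else "suppressed"
    return states


def workaround_gaps(conf_text):
    """Interfaces without an explicit 'ipv6 nd suppress-ra' (the quoted workaround)."""
    states = audit_suppress_ra(conf_text)
    return sorted(name for name, state in states.items() if state != "suppressed")


if __name__ == "__main__":
    print(audit_suppress_ra(SAMPLE_ZEBRA_CONF))
    print("missing workaround:", workaround_gaps(SAMPLE_ZEBRA_CONF))
```

A stanza reported as `enabled` contains `no ipv6 nd suppress-ra`, the statement that turns router advertisements on; `unset` means the stanza says nothing either way, so the workaround as written is not yet applied there.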
Comment 1 Sergey Popov gentoo-dev 2016-10-18 15:39:55 UTC
commit 5a041e0100b705ec223a925e656373b9b0e40fa7
Author: Sergey Popov <pinkbyte@gentoo.org>
Date:   Tue Oct 18 18:25:41 2016 +0300

    net-misc/quagga: revision bump

    Backport upstream security fix for stack overrun
    in IPv6 RA receive code in zebra daemon.

    Reported-by: Agostino Sarubbo <ago@gentoo.org>
    Gentoo-Bug: 597410

    Package-Manager: portage-2.3.2


Arches, please test and mark stable =net-misc/quagga-1.0.20160315-r4

Target keywords: alpha amd64 arm hppa ppc sparc x86
Comment 2 Agostino Sarubbo gentoo-dev 2016-10-19 10:27:26 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-10-19 10:28:48 UTC
x86 stable
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2016-10-21 13:05:41 UTC
Stable on alpha.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2016-10-22 09:58:45 UTC
Stable for HPPA.
Comment 6 Markus Meier gentoo-dev 2016-10-26 16:37:08 UTC
arm stable
Comment 7 Sergey Popov gentoo-dev 2016-12-15 10:32:41 UTC
ppc/sparc stable

GLSA request filed
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2016-12-23 16:22:13 UTC
Changing rating to C2 to reflect that the default configuration is not affected, i.e. to be affected you have to turn on neighbor discovery on your own (see https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html).
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2017-01-21 05:49:49 UTC
This issue was resolved and addressed in
 GLSA 201701-48 at https://security.gentoo.org/glsa/201701-48
by GLSA coordinator Aaron Bauman (b-man).