Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 443026 (CVE-2012-5521) - net-misc/quagga: Assertion failure when removing routes (CVE-2012-5521)
Summary: net-misc/quagga: Assertion failure when removing routes (CVE-2012-5521)
Status: RESOLVED WONTFIX
Alias: CVE-2012-5521
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-13 23:44 UTC by Sean Amoss (RETIRED)
Modified: 2018-01-30 00:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sean Amoss (RETIRED) gentoo-dev Security 2012-11-13 23:44:33 UTC
From the oss-security mailing list at $URL:

  Marco d'Itri in Debian bug [1] has reported the following deficiency,
being present in 0.99.21 and possibly earlier versions of the Quagga 
routing suite:

A denial of service flaw was found in the way Quagga's ospf6d daemon
performed routes removal. In certain circumstances when removing the
route the ospf6d daemon terminated with assertion failure when trying
to determine / find, which route to remove. An OSPF6 router could use
this flaw to cause ospf6d on an adjacent router to abort.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102
[2] https://bugzilla.redhat.com/show_bug.cgi?id=876197

Upstream bug report:
[3] https://bugzilla.quagga.net/show_bug.cgi?id=747
Comment 1 Sergey Popov gentoo-dev 2013-04-02 16:34:21 UTC
This issue is not fixed with 0.99.22, as upstream says
Comment 2 Sergey Popov gentoo-dev 2015-07-23 14:07:21 UTC
still not fixed in 0.99.24.1 :-(
Comment 3 Michael Boyle 2017-06-14 02:34:29 UTC
@maintainers is this bug stable? Can we send to glsa?

Mike Boyle
Security Padawan
Comment 4 Sergey Popov gentoo-dev 2017-07-03 07:38:39 UTC
No, this is still not fixed upstream
Comment 5 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-01-30 00:51:27 UTC
Still nothing from the original reporter following multiple releases of quagga and questions from upstream. Upstream is unable to produce still.  Minimal security impact.