quagga: Moderate security update

Quagga users, please be advised that a Moderate security update has been issued.
For details of this vulnerability, possible remedies, and other advisories, see the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

RHSA-2010:0785-01: Moderate: quagga security update
Description:

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol.

A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh (RR) messages. A configured BGP peer could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. (CVE-2010-2948)

Note: On Red Hat Enterprise Linux 5 it is not possible to exploit CVE-2010-2948 to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE.

Multiple NULL pointer dereference flaws were found in the way the Quagga bgpd daemon processed certain specially-crafted BGP messages. A configured BGP peer could crash bgpd on a target system via specially-crafted BGP messages. (CVE-2007-4826)
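The stack overflow described above belongs to the class where a length taken from a peer's message drives a copy into a fixed-size buffer. The sketch below is an added example, not Quagga's code or the Red Hat fix: `rr_parse`, `struct rr_msg`, the error codes and the 64-byte cap are hypothetical names and values, while the header layout, the 4096-byte maximum and message type 5 follow RFC 4271 and RFC 2918.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BGP_HEADER_LEN   19    /* 16-byte marker + 2-byte length + 1-byte type */
#define BGP_MAX_MSG_LEN  4096  /* RFC 4271 maximum message size */
#define BGP_TYPE_RR      5     /* ROUTE-REFRESH, RFC 2918 */
#define RR_FIXED_LEN     4     /* AFI (2) + reserved (1) + SAFI (1) */
#define RR_EXTRA_MAX     64    /* hypothetical cap chosen for this example */

struct rr_msg {                /* hypothetical result type */
    uint16_t afi;
    uint8_t  safi;
    uint8_t  extra[RR_EXTRA_MAX];  /* bytes following the fixed fields */
    size_t   extra_len;
};

enum { RR_OK = 0, RR_SHORT = -1, RR_BAD_LEN = -2, RR_BAD_TYPE = -3, RR_TOO_BIG = -4 };

/* Parse one message from buf, of which avail bytes were received. Every length
 * read from the wire is checked against the bytes actually present and against
 * the destination size before anything is copied. */
int rr_parse(const uint8_t *buf, size_t avail, struct rr_msg *out)
{
    if (avail < BGP_HEADER_LEN)
        return RR_SHORT;

    size_t msg_len = ((size_t)buf[16] << 8) | buf[17];
    if (msg_len < BGP_HEADER_LEN || msg_len > BGP_MAX_MSG_LEN)
        return RR_BAD_LEN;
    if (msg_len > avail)                 /* header claims more than we hold */
        return RR_SHORT;
    if (buf[18] != BGP_TYPE_RR)
        return RR_BAD_TYPE;
    if (msg_len < BGP_HEADER_LEN + RR_FIXED_LEN)
        return RR_BAD_LEN;

    const uint8_t *body = buf + BGP_HEADER_LEN;
    size_t extra_len = msg_len - BGP_HEADER_LEN - RR_FIXED_LEN;
    if (extra_len > sizeof out->extra)   /* reject; never truncate or overflow */
        return RR_TOO_BIG;

    out->afi = (uint16_t)((body[0] << 8) | body[1]);
    out->safi = body[3];
    memcpy(out->extra, body + RR_FIXED_LEN, extra_len);
    out->extra_len = extra_len;
    return RR_OK;
}
```

Compile-time hardening such as FORTIFY_SOURCE turns a missed check of this kind into an abort, which is why the advisory still rates the Red Hat Enterprise Linux 5 case as a crash.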
