Quagga < 0.99.19 Multiple Vulnerabilities

NASLDB: Quagga < 0.99.19 Multiple Vulnerabilities

General

ID: 59790
Name: Quagga < 0.99.19 Multiple Vulnerabilities

Summary: Check the version of Quagga

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: –
Family: Misc.
Type: Remote

Description

According to its self-reported version number, the installation of
Quagga listening on the remote host is affected by multiple
vulnerabilities :

– A denial of service vulnerability in OSPF6D can be
triggered by a specially-crafted Link Status Update
message with an invalid IPv6 prefix length.
(CVE-2011-3323)

– A denial of service vulnerability in OSPF6D can be
triggered by a specially-crafted IPv6 Database
Description message with trailing zero values in the
Link State Advertisement header list. (CVE-2011-3324)

– A denial of service vulnerability in OSPFD can be
triggered by a 0×0A type field in an IPv4 packet header
or a truncated IPv4 Hello packet. (CVE-2011-3325)

– A denial of service vulnerability in OSPFD can be
triggered by a specially-crafted IPv4 Link State Update
message with an invalid Link State Advertisement type.
(CVE-2011-3326)

– A heap-based buffer overflow in BGPD can be triggered by
a specially-crafted UPDATE message over IPv4.
(CVE-2011-3326)