Quagga < 0.99.20.1 Multiple Vulnerabilities

NASLDB: Quagga < 0.99.20.1 Multiple Vulnerabilities

General

ID: 59791
Name: Quagga < 0.99.20.1 Multiple Vulnerabilities

Summary: Check the version of Quagga

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: –
Family: Misc.
Type: Remote

Description

According to its self-reported version number, the installation of
Quagga listening on the remote host is affected by multiple
vulnerabilities :

– A buffer overflow vulnerability exists in OSPFD can be
triggered by a specially-crafted Link Status Update
message that is smaller than the length specified in
its header, leading to denial of service.
(CVE-2012-0249)

– A buffer overflow vulnerability in exists OSPFD can be
triggered by a specially-crafted Link Status Update
message containing a network-LSA link-state
advertisement for which the data-structure length is
smaller than the value in the Length header field,
leading to denial of service. (CVE-2012-0250)

– A denial of service vulnerability exists in BGPD that
can be triggered by a specially-crafted OPEN message
with a malformed four-octet AS Number Capability.
(CVE-2012-0250)