VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-2948
quagga_routing_software_suite: Stack-based buffer overflow in the bgp_route_refres...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2948

Original

Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-09-10
Source Information Category:
Advisory, Alert
Last Updated:
2010-09-13




Affected Product Tags
cpe:/a:quagga:quagga_routing_software_suite:0.95
cpe:/a:quagga:quagga_routing_software_suite:0.96.2
cpe:/a:quagga:quagga_routing_software_suite:0.96.3
cpe:/a:quagga:quagga_routing_software_suite:0.98.5
cpe:/a:quagga:quagga_routing_software_suite:0.98.6
cpe:/a:quagga:quagga_routing_software_suite:0.99.1
cpe:/a:quagga:quagga_routing_software_suite:0.99.10
cpe:/a:quagga:quagga_routing_software_suite:0.99.11
cpe:/a:quagga:quagga_routing_software_suite:0.99.12
cpe:/a:quagga:quagga_routing_software_suite:0.99.13
cpe:/a:quagga:quagga_routing_software_suite:0.99.14
cpe:/a:quagga:quagga_routing_software_suite:0.99.15
cpe:/a:quagga:quagga_routing_software_suite:0.99.16 and previous versions
cpe:/a:quagga:quagga_routing_software_suite:0.99.3
cpe:/a:quagga:quagga_routing_software_suite:0.99.4
cpe:/a:quagga:quagga_routing_software_suite:0.99.5
cpe:/a:quagga:quagga_routing_software_suite:0.99.6
cpe:/a:quagga:quagga_routing_software_suite:0.99.7
cpe:/a:quagga:quagga_routing_software_suite:0.99.8
cpe:/a:quagga:quagga_routing_software_suite:0.99.9
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
X Single [?]
None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives




References
BID 42635




CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=626783




CONFIRM http://www.quagga.net/news2.php?y=2010&m=8&d=19




CONFIRM http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3




DEBIAN DSA-2104




MLIST [oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request




MLIST [oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request




SECUNIA 41238




SECUNIA 41038




VUPEN ADV-2010-2304




Vulnerability Type Buffer Errors (CWE-119)




Copyright © 2010 JPCERT/CC All Rights Reserved.