CVE-2012-1820

Related Files

Gentoo Linux Security Advisory 201310-08

Posted Oct 10, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-8 - Multiple vulnerabilities have been found in Quagga, the worst of which could lead to arbitrary code execution. Versions less than 0.99.22.4 are affected.

tags | advisory, arbitrary, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820, CVE-2013-2236

SHA-256 | ba9ca5c17e84ebeec9337e6ffbaa556d3fbe8194187caaf3a58902d40d14f254

Download | Favorite | View

Mandriva Linux Security Advisory 2013-122

Posted Apr 11, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-122 - The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering capability TLV in an OPEN message.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2012-1820

SHA-256 | a11d5de4264422bd1678721a17075a12eb70630d8621527a727b57c10af89492

Download | Favorite | View

Ubuntu Security Notice USN-1605-1

Posted Oct 12, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1605-1 - It was discovered that Quagga incorrectly handled certain malformed messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2012-1820

SHA-256 | 4cbd744f767a7f2c0d9f0d5fb600e54e33cb368e5875c40aeff2ec2ce54426d1

Download | Favorite | View

Red Hat Security Advisory 2012-1259-01

Posted Sep 12, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1259-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.

tags | advisory, overflow, arbitrary, tcp, protocol

systems | linux, redhat

advisories | CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820

SHA-256 | 37b20bb55b5cac2a78ef3d512a2dcd040a9fa6e30e2802150f11501eda2c1742

Download | Favorite | View

Debian Security Advisory 2497-1

Posted Jun 21, 2012

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2497-1 - It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service.

tags | advisory, denial of service

systems | linux, debian

advisories | CVE-2012-1820

SHA-256 | 767d155bcdfd3b4f54914b90d6d6c4d6892ecd75f4ed52e90b949e54eecb66d3

Download | Favorite | View