Saturday, October 23, 2010

quagga: Moderate security update

Users of quagga, please be advised that a Moderate security update has been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

RHSA-2010:0785-01: [RHSA-2010:0785-01] Moderate: quagga security update
Description:

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol.

A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh (RR) messages. A configured BGP peer could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. (CVE-2010-2948)

Note: On Red Hat Enterprise Linux 5 it is not possible to exploit CVE-2010-2948 to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE.

Multiple NULL pointer dereference flaws were found in the way the Quagga bgpd daemon processed certain specially-crafted BGP messages. A configured BGP peer could crash bgpd on a target system via specially-crafted BGP messages. (CVE-2007-4826)
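The overflow class described in the advisory arises when a length taken from a peer's message is trusted while copying into a fixed-size stack buffer. The C code below is an added example, not Quagga's code and not a reproduction of the flaw: it validates the BGP header (RFC 4271) and the fixed Route Refresh body (RFC 2918), then bounds-checks a trailing length-prefixed field. The names `rr_msg`, `FIELD_MAX`, `build_sample` and the trailing field layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define BGP_HDR_LEN 19            /* 16-byte marker, 2-byte length, 1-byte type */
#define BGP_MAX_LEN 4096
#define BGP_TYPE_ROUTE_REFRESH 5
#define FIELD_MAX 16              /* assumed size of the fixed destination buffer */

struct rr_msg { uint16_t afi; uint8_t safi; uint8_t field[FIELD_MAX]; size_t field_len; };

/* Returns 0 on success, -1 on malformed input; never copies more than FIELD_MAX bytes. */
int parse_route_refresh(const uint8_t *buf, size_t buflen, struct rr_msg *out)
{
    if (buflen < BGP_HDR_LEN) return -1;
    for (size_t i = 0; i < 16; i++)
        if (buf[i] != 0xFF) return -1;             /* marker must be all ones */
    size_t msglen = ((size_t)buf[16] << 8) | buf[17];
    if (msglen < BGP_HDR_LEN + 4 || msglen > BGP_MAX_LEN || msglen > buflen) return -1;
    if (buf[18] != BGP_TYPE_ROUTE_REFRESH) return -1;

    const uint8_t *p = buf + BGP_HDR_LEN;          /* body: AFI(2) reserved(1) SAFI(1) */
    size_t left = msglen - BGP_HDR_LEN;
    out->afi = (uint16_t)((p[0] << 8) | p[1]);
    out->safi = p[3];
    out->field_len = 0;
    p += 4; left -= 4;
    if (left == 0) return 0;                       /* plain Route Refresh, nothing follows */

    /* Hypothetical trailing field: 1-byte length, then that many bytes. */
    size_t flen = *p++; left--;
    if (flen > left) return -1;                    /* claims more than the message holds */
    if (flen > FIELD_MAX) return -1;               /* would overflow the fixed buffer */
    memcpy(out->field, p, flen);
    out->field_len = flen;
    return 0;
}

/* Constructed sample message; dst must hold 24 + actual bytes. */
size_t build_sample(uint8_t *dst, uint8_t claimed, size_t actual)
{
    size_t total = BGP_HDR_LEN + 4 + 1 + actual;
    memset(dst, 0xFF, 16);
    dst[16] = (uint8_t)(total >> 8); dst[17] = (uint8_t)total; dst[18] = BGP_TYPE_ROUTE_REFRESH;
    dst[19] = 0; dst[20] = 1; dst[21] = 0; dst[22] = 1;   /* AFI 1 (IPv4), SAFI 1 (unicast) */
    dst[23] = claimed;
    memset(dst + 24, 'A', actual);
    return total;
}
```

The two length checks before `memcpy` are the source-level fix for this class of bug; FORTIFY_SOURCE, as the advisory's note describes, acts as a backstop by aborting the process when a fortified copy would exceed a destination whose size the compiler knows.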