Computer Security
[EN] securityvulns.ru no-pyccku


quagga security vulnerabilities
Published:01.12.2013
Source:
SecurityVulns ID:13436
Type:remote
Threat Level:
8/10
Description:OSPF parsing buffer overflow, BGP DoS.
Affected:QUAGGA : quagga 0.99
CVE:CVE-2013-6051 (The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.)
 CVE-2013-2236 (Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2803-1] quagga security update (01.12.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod