 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.70412 |
| Kategorie: | FreeBSD Local Security Checks |
| Titel: | FreeBSD Ports: quagga |
| Zusammenfassung: | The remote host is missing an update to the system; as announced in the referenced advisory. |
| Beschreibung: | Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: quagga CVE-2011-3323 The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. CVE-2011-3324 The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. CVE-2011-3325 ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. CVE-2011-3326 The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. CVE-2011-3327 Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-3323 CERT/CC vulnerability note: VU#668534 http://www.kb.cert.org/vuls/id/668534 Debian Security Information: DSA-2316 (Google Search) http://www.debian.org/security/2011/dsa-2316 http://security.gentoo.org/glsa/glsa-201202-02.xml https://www.cert.fi/en/reports/2011/vulnerability539178.html RedHat Security Advisories: RHSA-2012:1258 http://rhn.redhat.com/errata/RHSA-2012-1258.html RedHat Security Advisories: RHSA-2012:1259 http://rhn.redhat.com/errata/RHSA-2012-1259.html http://secunia.com/advisories/46139 http://secunia.com/advisories/46274 http://secunia.com/advisories/48106 SuSE Security Announcement: SUSE-SU-2011:1075 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html SuSE Security Announcement: SUSE-SU-2011:1171 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html SuSE Security Announcement: SUSE-SU-2011:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html SuSE Security Announcement: openSUSE-SU-2011:1155 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3324 Common Vulnerability Exposure (CVE) ID: CVE-2011-3325 Common Vulnerability Exposure (CVE) ID: CVE-2011-3326 Common Vulnerability Exposure (CVE) ID: CVE-2011-3327 |
| Copyright | Copyright (C) 2011 E-Soft Inc. |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |