Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:0406

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69387

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2011:0406

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2011:0406.

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol.

A denial of service flaw was found in the way the Quagga bgpd daemon
processed certain route metrics information. A BGP message with a
specially-crafted path limit attribute would cause the bgpd daemon to reset
its session with the peer through which this message was received.
(CVE-2010-1675)

A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon
processed malformed route extended communities attributes. A configured BGP
peer could crash bgpd on a target system via a specially-crafted BGP
message. (CVE-2010-1674)

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd daemon must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0406.html

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1674
BugTraq ID: 46942
http://www.securityfocus.com/bid/46942
Debian Security Information: DSA-2197 (Google Search)
http://www.debian.org/security/2011/dsa-2197
http://security.gentoo.org/glsa/glsa-201202-02.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:058
http://www.osvdb.org/71259
RedHat Security Advisories: RHSA-2012:1258
http://rhn.redhat.com/errata/RHSA-2012-1258.html
http://secunia.com/advisories/43499
http://secunia.com/advisories/43770
http://secunia.com/advisories/48106
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
SuSE Security Announcement: SUSE-SU-2011:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
http://www.vupen.com/english/advisories/2011/0711
XForce ISS Database: quagga-community-dos(66211)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66211
Common Vulnerability Exposure (CVE) ID: CVE-2010-1675
BugTraq ID: 46943
http://www.securityfocus.com/bid/46943
http://www.osvdb.org/71258
XForce ISS Database: quagga-aspath-dos(66212)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66212

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69387
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0406
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0406. Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. A denial of service flaw was found in the way the Quagga bgpd daemon processed certain route metrics information. A BGP message with a specially-crafted path limit attribute would cause the bgpd daemon to reset its session with the peer through which this message was received. (CVE-2010-1675) A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon processed malformed route extended communities attributes. A configured BGP peer could crash bgpd on a target system via a specially-crafted BGP message. (CVE-2010-1674) Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd daemon must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0406.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1674 BugTraq ID: 46942 http://www.securityfocus.com/bid/46942 Debian Security Information: DSA-2197 (Google Search) http://www.debian.org/security/2011/dsa-2197 http://security.gentoo.org/glsa/glsa-201202-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:058 http://www.osvdb.org/71259 RedHat Security Advisories: RHSA-2012:1258 http://rhn.redhat.com/errata/RHSA-2012-1258.html http://secunia.com/advisories/43499 http://secunia.com/advisories/43770 http://secunia.com/advisories/48106 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html SuSE Security Announcement: SUSE-SU-2011:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html http://www.vupen.com/english/advisories/2011/0711 XForce ISS Database: quagga-community-dos(66211) https://exchange.xforce.ibmcloud.com/vulnerabilities/66211 Common Vulnerability Exposure (CVE) ID: CVE-2010-1675 BugTraq ID: 46943 http://www.securityfocus.com/bid/46943 http://www.osvdb.org/71258 XForce ISS Database: quagga-aspath-dos(66212) https://exchange.xforce.ibmcloud.com/vulnerabilities/66212
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com