FreeBSD Local Security Checks : FreeBSD Ports: quagga

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.71290

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: quagga

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

quagga
quagga-re

CVE-2012-0249
Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c
in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1
allows remote attackers to cause a denial of service (assertion
failure and daemon exit) via a Link State Update (aka LS Update)
packet that is smaller than the length specified in its header.
CVE-2012-0250
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before
0.99.20.1 allows remote attackers to cause a denial of service (daemon
crash) via a Link State Update (aka LS Update) packet containing a
network-LSA link-state advertisement for which the data-structure
length is smaller than the value in the Length header field.
CVE-2012-0255
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not
properly use message buffers for OPEN messages, which allows remote
attackers to cause a denial of service (assertion failure and daemon
exit) via a message associated with a malformed Four-octet AS Number
Capability (aka AS4 capability).

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0249
CERT/CC vulnerability note: VU#551715
http://www.kb.cert.org/vuls/id/551715
Debian Security Information: DSA-2459 (Google Search)
http://www.debian.org/security/2012/dsa-2459
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html
RedHat Security Advisories: RHSA-2012:1258
http://rhn.redhat.com/errata/RHSA-2012-1258.html
RedHat Security Advisories: RHSA-2012:1259
http://rhn.redhat.com/errata/RHSA-2012-1259.html
http://secunia.com/advisories/48949
Common Vulnerability Exposure (CVE) ID: CVE-2012-0250
Common Vulnerability Exposure (CVE) ID: CVE-2012-0255

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.71290
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: quagga
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: quagga quagga-re CVE-2012-0249 Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. CVE-2012-0250 Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. CVE-2012-0255 The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0249 CERT/CC vulnerability note: VU#551715 http://www.kb.cert.org/vuls/id/551715 Debian Security Information: DSA-2459 (Google Search) http://www.debian.org/security/2012/dsa-2459 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html RedHat Security Advisories: RHSA-2012:1258 http://rhn.redhat.com/errata/RHSA-2012-1258.html RedHat Security Advisories: RHSA-2012:1259 http://rhn.redhat.com/errata/RHSA-2012-1259.html http://secunia.com/advisories/48949 Common Vulnerability Exposure (CVE) ID: CVE-2012-0250 Common Vulnerability Exposure (CVE) ID: CVE-2012-0255
Copyright	Copyright (C) 2012 E-Soft Inc.