Red Hat Local Security Checks : RedHat Update for quagga RHSA-2011:0406-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.870623

Categoría: Red Hat Local Security Checks

Título: RedHat Update for quagga RHSA-2011:0406-01

Resumen: The remote host is missing an update for the 'quagga'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'quagga'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol.

A denial of service flaw was found in the way the Quagga bgpd daemon
processed certain route metrics information. A BGP message with a
specially-crafted path limit attribute would cause the bgpd daemon to reset
its session with the peer through which this message was received.
(CVE-2010-1675)

A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon
processed malformed route extended communities attributes. A configured BGP
peer could crash bgpd on a target system via a specially-crafted BGP
message. (CVE-2010-1674)

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd daemon must be restarted for the update to take effect.

Affected Software/OS:
quagga on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1674
BugTraq ID: 46942
http://www.securityfocus.com/bid/46942
Debian Security Information: DSA-2197 (Google Search)
http://www.debian.org/security/2011/dsa-2197
http://security.gentoo.org/glsa/glsa-201202-02.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:058
http://www.osvdb.org/71259
RedHat Security Advisories: RHSA-2012:1258
http://rhn.redhat.com/errata/RHSA-2012-1258.html
http://secunia.com/advisories/43499
http://secunia.com/advisories/43770
http://secunia.com/advisories/48106
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
SuSE Security Announcement: SUSE-SU-2011:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
http://www.vupen.com/english/advisories/2011/0711
XForce ISS Database: quagga-community-dos(66211)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66211
Common Vulnerability Exposure (CVE) ID: CVE-2010-1675
BugTraq ID: 46943
http://www.securityfocus.com/bid/46943
http://www.osvdb.org/71258
XForce ISS Database: quagga-aspath-dos(66212)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66212

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.870623
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for quagga RHSA-2011:0406-01
Resumen:	The remote host is missing an update for the 'quagga'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'quagga' package(s) announced via the referenced advisory. Vulnerability Insight: Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP (Border Gateway Protocol) routing protocol. A denial of service flaw was found in the way the Quagga bgpd daemon processed certain route metrics information. A BGP message with a specially-crafted path limit attribute would cause the bgpd daemon to reset its session with the peer through which this message was received. (CVE-2010-1675) A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon processed malformed route extended communities attributes. A configured BGP peer could crash bgpd on a target system via a specially-crafted BGP message. (CVE-2010-1674) Users of quagga should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the bgpd daemon must be restarted for the update to take effect. Affected Software/OS: quagga on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1674 BugTraq ID: 46942 http://www.securityfocus.com/bid/46942 Debian Security Information: DSA-2197 (Google Search) http://www.debian.org/security/2011/dsa-2197 http://security.gentoo.org/glsa/glsa-201202-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:058 http://www.osvdb.org/71259 RedHat Security Advisories: RHSA-2012:1258 http://rhn.redhat.com/errata/RHSA-2012-1258.html http://secunia.com/advisories/43499 http://secunia.com/advisories/43770 http://secunia.com/advisories/48106 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html SuSE Security Announcement: SUSE-SU-2011:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html http://www.vupen.com/english/advisories/2011/0711 XForce ISS Database: quagga-community-dos(66211) https://exchange.xforce.ibmcloud.com/vulnerabilities/66211 Common Vulnerability Exposure (CVE) ID: CVE-2010-1675 BugTraq ID: 46943 http://www.securityfocus.com/bid/46943 http://www.osvdb.org/71258 XForce ISS Database: quagga-aspath-dos(66212) https://exchange.xforce.ibmcloud.com/vulnerabilities/66212
Copyright	Copyright (C) 2012 Greenbone AG