FreeBSD : quagga -- multiple vulnerabilities (ab9be2c8-ef91-11e0-ad5a-00215c6a37bb)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

CERT-FI reports :

Five vulnerabilities have been found in the BGP, OSPF, and OSPFv3
components of Quagga. The vulnerabilities allow an attacker to cause a
denial of service or potentially to execute his own code by sending a
specially modified packets to an affected server. Routing messages are
typically accepted from the routing peers. Exploiting these
vulnerabilities may require an established routing session (BGP
peering or OSPF/OSPFv3 adjacency) to the router.

The vulnerability CVE-2011-3327 is related to the extended communities
handling in BGP messages. Receiving a malformed BGP update can result
in a buffer overflow and disruption of IPv4 routing.

The vulnerability CVE-2011-3326 results from the handling of LSA (Link
State Advertisement) states in the OSPF service. Receiving a modified
Link State Update message with malicious state information can result
in denial of service in IPv4 routing.

The vulnerability CVE-2011-3325 is a denial of service vulnerability
related to Hello message handling by the OSPF service. As Hello
messages are used to initiate adjacencies, exploiting the
vulnerability may be feasible from the same broadcast domain without
an established adjacency. A malformed packet may result in denial of
service in IPv4 routing.

The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the
IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving
modified Database Description and Link State Update messages,
respectively, can result in denial of service in IPv6 routing.

See also :

http://www.nessus.org/u?1a130700

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 56399 ()

Bugtraq ID:

CVE ID: CVE-2011-3323
CVE-2011-3324
CVE-2011-3325
CVE-2011-3326
CVE-2011-3327

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now