Detections
Analytics

FreeBSD : quagga -- stack overflow and DoS vulnerabilities (167953a4-b01c-11df-9a98-0015587e2cc1)

high Nessus Plugin ID 48749

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Red Hat security team reported two vulnerabilities :

A stack-based buffer overflow flaw was found in the way Quagga's bgpd daemon processed Route-Refresh messages. A configured Border Gateway Protocol (BGP) peer could send a Route-Refresh message with specially crafted Outbound Route Filtering (ORF) record, which would cause the master BGP daemon (bgpd) to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd.

A NULL pointer dereference flaw was found in the way Quagga's bgpd daemon parsed paths of autonomous systems (AS). A configured BGP peer could send a BGP update AS path request with unknown AS type, which could lead to denial of service (bgpd daemon crash).

Solution

Update the affected package.

See Also

https://www.openwall.com/lists/oss-security/2010/08/24/3

http://www.nessus.org/u?f44df379

http://www.nessus.org/u?40f70110

Plugin Details

Severity: High

ID: 48749

File Name: freebsd_pkg_167953a4b01c11df9a980015587e2cc1.nasl

Version: 1.13

Type: local

Published: 8/26/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:quagga, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/25/2010

Vulnerability Publication Date: 8/24/2010