Oracle Solaris Third-Party Patch Update : quagga (cve_2013_2236_buffer_errors)
Low Nessus Plugin ID 80753
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when
--enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. (CVE-2013-2236)
SolutionUpgrade to Solaris 126.96.36.199.0.