rpm package
opensuse/quagga&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/quagga&distro=openSUSE%20Tumbleweed
Vulnerabilities (19)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44038 | — | < 1.2.4-5.1 | 1.2.4-5.1 | Nov 19, 2021 | An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. | ||
| CVE-2018-5381 | — | < 1.2.4-2.14 | 1.2.4-2.14 | Feb 19, 2018 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a | ||
| CVE-2018-5380 | — | < 1.2.4-2.14 | 1.2.4-2.14 | Feb 19, 2018 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | ||
| CVE-2018-5379 | — | < 1.2.4-2.14 | 1.2.4-2.14 | Feb 19, 2018 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary | ||
| CVE-2018-5378 | — | < 1.2.4-2.14 | 1.2.4-2.14 | Feb 19, 2018 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. | ||
| CVE-2018-5281 | — | < 1.2.4-2.14 | 1.2.4-2.14 | Jan 8, 2018 | SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. | ||
| CVE-2018-5280 | — | < 1.2.4-2.14 | 1.2.4-2.14 | Jan 8, 2018 | SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. | ||
| CVE-2018-5279 | — | < 1.2.4-2.14 | 1.2.4-2.14 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able | ||
| CVE-2018-5278 | — | < 1.2.4-2.14 | 1.2.4-2.14 | Jan 8, 2018 | In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able | ||
| CVE-2017-16227 | Hig | 7.5 | < 1.2.4-2.14 | 1.2.4-2.14 | Oct 29, 2017 | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid messa | |
| CVE-2016-1245 | Cri | 9.8 | < 1.0.20160315-5.1 | 1.0.20160315-5.1 | Feb 22, 2017 | It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. | |
| CVE-2017-5495 | Hig | 7.5 | < 1.2.4-2.14 | 1.2.4-2.14 | Jan 24, 2017 | All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connec | |
| CVE-2016-4049 | Hig | 7.5 | < 1.0.20160315-5.1 | 1.0.20160315-5.1 | May 23, 2016 | The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. | |
| CVE-2016-2342 | Hig | 8.1 | < 1.0.20160315-5.1 | 1.0.20160315-5.1 | Mar 17, 2016 | The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitr | |
| CVE-2013-2236 | — | < 1.0.20160315-5.1 | 1.0.20160315-5.1 | Oct 24, 2013 | Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. | ||
| CVE-2010-1675 | — | < 1.0.20160315-5.1 | 1.0.20160315-5.1 | Mar 29, 2011 | bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. | ||
| CVE-2010-1674 | — | < 1.0.20160315-5.1 | 1.0.20160315-5.1 | Mar 29, 2011 | The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. | ||
| CVE-2007-1995 | — | < 1.2.4-2.14 | 1.2.4-2.14 | Apr 12, 2007 | bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages t | ||
| CVE-2006-2223 | — | < 1.2.4-2.14 | 1.2.4-2.14 | May 5, 2006 | RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. |
- CVE-2021-44038Nov 19, 2021affected < 1.2.4-5.1fixed 1.2.4-5.1
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
- CVE-2018-5381Feb 19, 2018affected < 1.2.4-2.14fixed 1.2.4-2.14
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a
- CVE-2018-5380Feb 19, 2018affected < 1.2.4-2.14fixed 1.2.4-2.14
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
- CVE-2018-5379Feb 19, 2018affected < 1.2.4-2.14fixed 1.2.4-2.14
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary
- CVE-2018-5378Feb 19, 2018affected < 1.2.4-2.14fixed 1.2.4-2.14
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
- CVE-2018-5281Jan 8, 2018affected < 1.2.4-2.14fixed 1.2.4-2.14
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.
- CVE-2018-5280Jan 8, 2018affected < 1.2.4-2.14fixed 1.2.4-2.14
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.
- CVE-2018-5279Jan 8, 2018affected < 1.2.4-2.14fixed 1.2.4-2.14
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able
- CVE-2018-5278Jan 8, 2018affected < 1.2.4-2.14fixed 1.2.4-2.14
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able
- affected < 1.2.4-2.14fixed 1.2.4-2.14
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid messa
- affected < 1.0.20160315-5.1fixed 1.0.20160315-5.1
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
- affected < 1.2.4-2.14fixed 1.2.4-2.14
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connec
- affected < 1.0.20160315-5.1fixed 1.0.20160315-5.1
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
- affected < 1.0.20160315-5.1fixed 1.0.20160315-5.1
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitr
- CVE-2013-2236Oct 24, 2013affected < 1.0.20160315-5.1fixed 1.0.20160315-5.1
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.
- CVE-2010-1675Mar 29, 2011affected < 1.0.20160315-5.1fixed 1.0.20160315-5.1
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.
- CVE-2010-1674Mar 29, 2011affected < 1.0.20160315-5.1fixed 1.0.20160315-5.1
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
- CVE-2007-1995Apr 12, 2007affected < 1.2.4-2.14fixed 1.2.4-2.14
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages t
- CVE-2006-2223May 5, 2006affected < 1.2.4-2.14fixed 1.2.4-2.14
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.