CVE-2013-2236

Related Files

Red Hat Security Advisory 2017-0794-01

Posted Mar 21, 2017

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0794-01 - The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service.

tags | advisory, remote, denial of service, overflow, tcp, protocol

systems | linux, redhat

advisories | CVE-2013-2236, CVE-2016-1245, CVE-2016-2342, CVE-2016-4049, CVE-2017-5495

SHA-256 | 382a7eb4860c0cafcd06124913757757571d5dd5111b8d10cb82337462076114

Download | Favorite | View

Ubuntu Security Notice USN-2941-1

Posted Mar 24, 2016

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2941-1 - Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Quagga incorrectly handled messages with a large LSA when used in certain configurations. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2013-2236, CVE-2016-2342

SHA-256 | dec0b6f9f3b35d3f8a8eb68d683beaa94258a1981f7ede3d89ddbda7fc3e091b

Download | Favorite | View

Debian Security Advisory 2803-1

Posted Nov 26, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2803-1 - Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2013-2236, CVE-2013-6051

SHA-256 | bb3b05ec11b37b0531a2aca1e1d48ff15bede13374e77f396d94caf2a28756ab

Download | Favorite | View

Mandriva Linux Security Advisory 2013-254

Posted Oct 18, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-254 - Remotely exploitable buffer overflow in ospf_api.c and ospfclient.c when processing LSA messages in quagga before 0.99.22.2. Note: We have worked around this vulnerability by disabling the ospf_api and ospfclient features, which did not provide useful functionality.

tags | advisory, overflow

systems | linux, mandriva

advisories | CVE-2013-2236

SHA-256 | 0eb2cd82b2ff838ef4aa7c6c1c69bfa24d50a5ce038cbd73a1f91cf1c12c3ccd

Download | Favorite | View

Gentoo Linux Security Advisory 201310-08

Posted Oct 10, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-8 - Multiple vulnerabilities have been found in Quagga, the worst of which could lead to arbitrary code execution. Versions less than 0.99.22.4 are affected.

tags | advisory, arbitrary, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820, CVE-2013-2236

SHA-256 | ba9ca5c17e84ebeec9337e6ffbaa556d3fbe8194187caaf3a58902d40d14f254

Download | Favorite | View