FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1e14d46f-af1f-11e1-b242-00215af774f0	quagga -- BGP OPEN denial of service vulnerability CERT reports: If a pre-configured BGP peer sends a specially-crafted OPEN message with a malformed ORF capability TLV, Quagga bgpd process will erroneously try to consume extra bytes from the input packet buffer. The process will detect a buffer overrun attempt before it happens and immediately terminate with an error message. All BGP sessions established by the attacked router will be closed and its BGP routing disrupted. Discovery 2012-06-04 Entry 2012-06-05 quagga <= 0.99.20.1 quagga-re < 0.99.17.10 CVE-2012-1820 http://www.kb.cert.org/vuls/id/962587
42a2c82a-75b9-11e1-89b4-001ec9578670	quagga -- multiple vulnerabilities CERT reports: The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon aborts due to an assert) with a malformed OSPF LS-Update message. The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon crash) with a malformed OSPF Network- LSA message. The bgpd implementation of BGP in Quagga allows remote attackers to cause a denial of service (daemon aborts due to an assert) via BGP Open message with an invalid AS4 capability. Discovery 2012-03-23 Entry 2012-03-24 Modified 2012-03-26 quagga < 0.99.20.1 quagga-re < 0.99.17.8 CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 http://www.kb.cert.org/vuls/id/551715

VuXML ID

Description

1e14d46f-af1f-11e1-b242-00215af774f0

quagga -- BGP OPEN denial of service vulnerability

CERT reports:

If a pre-configured BGP peer sends a specially-crafted OPEN message with a malformed ORF capability TLV, Quagga bgpd process will erroneously try to consume extra bytes from the input packet buffer. The process will detect a buffer overrun attempt before it happens and immediately terminate with an error message. All BGP sessions established by the attacked router will be closed and its BGP routing disrupted.

Discovery 2012-06-04
Entry 2012-06-05
quagga

<= 0.99.20.1

quagga-re

< 0.99.17.10

CVE-2012-1820
http://www.kb.cert.org/vuls/id/962587

42a2c82a-75b9-11e1-89b4-001ec9578670

quagga -- multiple vulnerabilities

CERT reports:

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon aborts due to an assert) with a malformed OSPF LS-Update message.

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon crash) with a malformed OSPF Network- LSA message.

The bgpd implementation of BGP in Quagga allows remote attackers to cause a denial of service (daemon aborts due to an assert) via BGP Open message with an invalid AS4 capability.

Discovery 2012-03-23
Entry 2012-03-24
Modified 2012-03-26
quagga

< 0.99.20.1

quagga-re

< 0.99.17.8

CVE-2012-0249
CVE-2012-0250
CVE-2012-0255
http://www.kb.cert.org/vuls/id/551715