ID F5:K21921812 Type f5 Reporter f5 Modified 2018-04-13T01:53:00
Description
F5 Product Development has evaluated the currently supported releases for potential vulnerability.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
Product| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature
---|---|---|---|---
BIG-IP LTM| None| 12.0.0
11.0.0 - 11.6.0
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP AAM| None| 12.0.0
11.4.0 - 11.6.0| Not vulnerable| None
BIG-IP AFM| None| 12.0.0
11.3.0 - 11.6.0| Not vulnerable| None
BIG-IP Analytics| None| 12.0.0
11.0.0 - 11.6.0| Not vulnerable| None
BIG-IP APM| None| 12.0.0
11.0.0 - 11.6.0
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP ASM| None| 12.0.0
11.0.0 - 11.6.0
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP DNS| None| 12.0.0| Not vulnerable| None
BIG-IP Edge Gateway| None| 11.0.0 - 11.3.0
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP GTM| None| 11.0.0 - 11.6.0
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP Link Controller| None| 12.0.0
11.0.0 - 11.6.0
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP PEM| None| 12.0.0
11.3.0 - 11.6.0| Not vulnerable| None
BIG-IP PSM| None| 11.0.0 - 11.4.1
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP WebAccelerator| None| 11.0.0 - 11.3.0
10.1.0 - 10.2.4| Not vulnerable| None
BIG-IP WOM| None| 11.0.0 - 11.3.0
10.1.0 - 10.2.4| Not vulnerable| None
ARX| None| 6.0.0 - 6.4.0| Not vulnerable| None
Enterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None
FirePass| None| 7.0.0
6.0.0 - 6.1.0| Not vulnerable| None
BIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None
BIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ ADC| None| 4.5.0| Not vulnerable| None
BIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None
BIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None
LineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None
F5 WebSafe| None| 1.0.0| Not vulnerable| None
Traffix SDC| None| 4.0.0 - 4.4.0
3.3.2 - 3.5.1| Not vulnerable| None
{"id": "F5:K21921812", "bulletinFamily": "software", "title": "Quagga vulnerability CVE-2016-2342 ", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "published": "2016-04-08T20:19:00", "modified": "2018-04-13T01:53:00", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "href": "https://support.f5.com/csp/article/K21921812", "reporter": "f5", "references": [], "cvelist": ["CVE-2016-2342"], "type": "f5", "lastseen": "2019-10-15T20:30:20", "edition": 1, "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-2342"]}, {"type": "f5", "idList": ["SOL21921812"]}, {"type": "gentoo", "idList": ["GLSA-201610-03"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810174", "OPENVAS:1361412562310871784", "OPENVAS:703532", "OPENVAS:1361412562311220192657", "OPENVAS:1361412562310131272", "OPENVAS:1361412562310842703", "OPENVAS:1361412562310871969", "OPENVAS:1361412562310703532", "OPENVAS:1361412562311220192408", "OPENVAS:1361412562310810179"]}, {"type": "nessus", "idList": ["SUSE_SU-2016-0946-1.NASL", "GENTOO_GLSA-201610-03.NASL", "UBUNTU_USN-2941-1.NASL", "FEDORA_2016-8ACC6B66F1.NASL", "DEBIAN_DSA-3532.NASL", "FREEBSD_PKG_70C44CD0E71711E585BE14DAE9D210B8.NASL", "SUSE_SU-2016-0936-1.NASL", "FEDORA_2016-CAE6456F63.NASL", "OPENSUSE-2016-383.NASL", "OPENSUSE-2016-396.NASL"]}, {"type": "cert", "idList": ["VU:270232"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3532-1:D6B14"]}, {"type": "freebsd", "idList": ["70C44CD0-E717-11E5-85BE-14DAE9D210B8"]}, {"type": "ubuntu", "idList": ["USN-2941-1"]}, {"type": "fedora", "idList": ["FEDORA:086D860E6A17", "FEDORA:E3A74605853D", "FEDORA:9A29B60D9A8A"]}, {"type": "redhat", "idList": ["RHSA-2017:0794"]}, {"type": "centos", "idList": ["CESA-2017:0794"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0794"]}], "modified": "2019-10-15T20:30:20", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2019-10-15T20:30:20", "rev": 2}, "vulnersScore": 5.6}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-10-03T12:10:43", "description": "The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.", "edition": 3, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-03-17T14:59:00", "title": "CVE-2016-2342", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2342"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:quagga:quagga:0.99.24"], "id": "CVE-2016-2342", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2342", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:quagga:quagga:0.99.24:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:22:52", "bulletinFamily": "software", "cvelist": ["CVE-2016-2342"], "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "edition": 1, "modified": "2016-04-08T00:00:00", "published": "2016-04-08T00:00:00", "id": "SOL21921812", "href": "http://support.f5.com/kb/en-us/solutions/public/k/21/sol21921812.html", "type": "f5", "title": "SOL21921812 - Quagga vulnerability CVE-2016-2342", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2020-09-18T20:41:20", "bulletinFamily": "info", "cvelist": ["CVE-2016-2342"], "description": "### Overview \n\nQuagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in `bgpd` with BGP peers enabled for VPNv4 that may leveraged to gain code execution.\n\n### Description \n\n[**CWE-121**](<https://cwe.mitre.org/data/definitions/121.html>)**: Stack-based Buffer Overflow** \\- CVE-2016-2342\n\n[Quagga](<http://www.nongnu.org/quagga/>) is a software routing suite that implements numerous routing protocols for Unix-based platforms. A `memcpy` function in the VPNv4 NLRI parser of `bgp_mplsvpn.c` does not properly check the upper-bound length of received Labeled-VPN SAFI routes data, which may allow for arbitrary code execution on the stack. Note that hosts are only vulnerable if `bgpd` is running with BGP peers enabled for VPNv4, which is not a default configuration. For more details, refer to the Quagga [changelog](<http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt>) and [commit notes](<http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442>). \n \n--- \n \n### Impact \n\nA malicious BGP peer may execute arbitrary code in particularly configured remote `bgpd` hosts. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nQuagga has released version 1.0.20160309 which addresses this issue. \n \n--- \n \n### Vendor Information\n\n270232\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Quagga Affected\n\nNotified: November 24, 2015 Updated: March 10, 2016 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 7.6 | AV:N/AC:H/Au:N/C:C/I:C/A:C \nTemporal | 6 | E:POC/RL:OF/RC:C \nEnvironmental | 1.5 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://www.quagga.net/>\n * <http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt>\n * <http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442>\n\n### Acknowledgements\n\nThanks to Kostya Kortchinsky for reporting this vulnerability.\n\nThis document was written by Joel Land.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2016-2342](<http://web.nvd.nist.gov/vuln/detail/CVE-2016-2342>) \n---|--- \n**Date Public:** | 2016-03-10 \n**Date First Published:** | 2016-03-10 \n**Date Last Updated: ** | 2016-03-10 21:41 UTC \n**Document Revision: ** | 12 \n", "modified": "2016-03-10T21:41:00", "published": "2016-03-10T00:00:00", "id": "VU:270232", "href": "https://www.kb.cert.org/vuls/id/270232", "type": "cert", "title": "Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "description": "Kostya Kortchinsky discovered a\nstack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in\nquagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to\ncause a denial of service (daemon crash), or potentially, execution of arbitrary\ncode, if bgpd is configured with BGP peers enabled for VPNv4.", "modified": "2019-03-18T00:00:00", "published": "2016-03-27T00:00:00", "id": "OPENVAS:1361412562310703532", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703532", "type": "openvas", "title": "Debian Security Advisory DSA 3532-1 (quagga - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3532.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3532-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703532\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-2342\");\n script_name(\"Debian Security Advisory DSA 3532-1 (quagga - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-27 00:00:00 +0100 (Sun, 27 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3532.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"quagga on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 0.99.22.4-1+wheezy2.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.99.23.1-1+deb8u1.\n\nWe recommend that you upgrade your quagga packages.\");\n script_tag(name:\"summary\", value:\"Kostya Kortchinsky discovered a\nstack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in\nquagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to\ncause a denial of service (daemon crash), or potentially, execution of arbitrary\ncode, if bgpd is configured with BGP peers enabled for VPNv4.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.22.4-1+wheezy2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"quagga-dbg\", ver:\"0.99.22.4-1+wheezy2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.22.4-1+wheezy2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.23.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"quagga-dbg\", ver:\"0.99.23.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.23.1-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "description": "Kostya Kortchinsky discovered a\nstack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in\nquagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to\ncause a denial of service (daemon crash), or potentially, execution of arbitrary\ncode, if bgpd is configured with BGP peers enabled for VPNv4.", "modified": "2017-07-07T00:00:00", "published": "2016-03-27T00:00:00", "id": "OPENVAS:703532", "href": "http://plugins.openvas.org/nasl.php?oid=703532", "type": "openvas", "title": "Debian Security Advisory DSA 3532-1 (quagga - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3532.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3532-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703532);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-2342\");\n script_name(\"Debian Security Advisory DSA 3532-1 (quagga - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-03-27 00:00:00 +0100 (Sun, 27 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3532.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"quagga on Debian Linux\");\n script_tag(name: \"insight\", value: \"GNU Quagga is free software which\nmanages TCP/IP based routing protocols. It supports BGP4, BGP4+, OSPFv2, OSPFv3,\nIS-IS, RIPv1, RIPv2, and RIPng as well as the IPv6 versions of these.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 0.99.22.4-1+wheezy2.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.99.23.1-1+deb8u1.\n\nWe recommend that you upgrade your quagga packages.\");\n script_tag(name: \"summary\", value: \"Kostya Kortchinsky discovered a\nstack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in\nquagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to\ncause a denial of service (daemon crash), or potentially, execution of arbitrary\ncode, if bgpd is configured with BGP peers enabled for VPNv4.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.22.4-1+wheezy2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-dbg\", ver:\"0.99.22.4-1+wheezy2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.22.4-1+wheezy2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.23.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-dbg\", ver:\"0.99.23.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.23.1-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "description": "Mageia Linux Local Security Checks mgasa-2016-0126", "modified": "2019-03-14T00:00:00", "published": "2016-03-31T00:00:00", "id": "OPENVAS:1361412562310131272", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131272", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0126", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0126.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131272\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:04:58 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0126\");\n script_tag(name:\"insight\", value:\"A vulnerability was found in a way VPNv4 NLRI parser copied packet data to the stack. Memcpy to stack data structure based on length field from packet data whose length field upper-bound was not properly checked (CVE-2016-2342).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0126.html\");\n script_cve_id(\"CVE-2016-2342\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0126\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.22.4~4.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342", "CVE-2013-2236"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-03-25T00:00:00", "id": "OPENVAS:1361412562310842703", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842703", "type": "openvas", "title": "Ubuntu Update for quagga USN-2941-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for quagga USN-2941-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842703\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-25 06:13:48 +0100 (Fri, 25 Mar 2016)\");\n script_cve_id(\"CVE-2016-2342\", \"CVE-2013-2236\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for quagga USN-2941-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quagga'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kostya Kortchinsky discovered that Quagga\n incorrectly handled certain route data when configured with BGP peers enabled\n for VPNv4. A remote attacker could use this issue to cause Quagga to crash,\n resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2342)\n\n It was discovered that Quagga incorrectly handled messages with a large\n LSA when used in certain configurations. A remote attacker could use this\n issue to cause Quagga to crash, resulting in a denial of service. This\n issue only affected Ubuntu 12.04 LTS. (CVE-2013-2236)\");\n script_tag(name:\"affected\", value:\"quagga on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2941-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2941-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.22.4-3ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.20.1-0ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.24.1-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4049", "CVE-2016-1245", "CVE-2016-2342"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-02T00:00:00", "id": "OPENVAS:1361412562310810179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810179", "type": "openvas", "title": "Fedora Update for quagga FEDORA-2016-cae6456f63", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quagga FEDORA-2016-cae6456f63\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810179\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 14:06:39 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-1245\", \"CVE-2016-4049\", \"CVE-2016-2342\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for quagga FEDORA-2016-cae6456f63\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quagga'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"quagga on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-cae6456f63\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JU6F72Q3RX6PEQNZLT24K5NN62GP6QW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.24.1~4.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4049", "CVE-2016-1245", "CVE-2016-2342"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871969", "type": "openvas", "title": "Fedora Update for quagga FEDORA-2016-8acc6b66f1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quagga FEDORA-2016-8acc6b66f1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871969\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:22:02 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-1245\", \"CVE-2016-4049\", \"CVE-2016-2342\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for quagga FEDORA-2016-8acc6b66f1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quagga'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"quagga on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-8acc6b66f1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXTBU5YNCEJMAWR6MI6Z6NEELZU3NW7G\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.24.1~4.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4049", "CVE-2016-1245", "CVE-2016-2342"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-02T00:00:00", "id": "OPENVAS:1361412562310810174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810174", "type": "openvas", "title": "Fedora Update for quagga FEDORA-2016-568c7ff4f6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quagga FEDORA-2016-568c7ff4f6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810174\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 14:04:02 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-1245\", \"CVE-2016-4049\", \"CVE-2016-2342\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for quagga FEDORA-2016-568c7ff4f6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quagga'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"quagga on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-568c7ff4f6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4EXXPQTSPEX3RJFNL2LETKLJRRTOITL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.24.1~3.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4049", "CVE-2016-1245", "CVE-2016-2342", "CVE-2013-2236", "CVE-2017-5495"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-03-22T00:00:00", "id": "OPENVAS:1361412562310871784", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871784", "type": "openvas", "title": "RedHat Update for quagga RHSA-2017:0794-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for quagga RHSA-2017:0794-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871784\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-22 05:48:36 +0100 (Wed, 22 Mar 2017)\");\n script_cve_id(\"CVE-2013-2236\", \"CVE-2016-1245\", \"CVE-2016-2342\", \"CVE-2016-4049\", \"CVE-2017-5495\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for quagga RHSA-2017:0794-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quagga'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The quagga packages contain Quagga, the\nfree network-routing software suite that manages TCP/IP based protocols. Quagga\nsupports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and\nis intended to be used as a Route Server and Route Reflector.\n\nSecurity Fix(es):\n\n * A stack-based buffer overflow flaw was found in the way Quagga handled\nIPv6 router advertisement messages. A remote attacker could use this flaw\nto crash the zebra daemon resulting in denial of service. (CVE-2016-1245)\n\n * A stack-based buffer overflow flaw was found in the way the Quagga BGP\nrouting daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote\nattacker could use this flaw to crash the bgpd daemon resulting in denial\nof service. (CVE-2016-2342)\n\n * A denial of service flaw was found in the Quagga BGP routing daemon\n(bgpd). Under certain circumstances, a remote attacker could send a crafted\npacket to crash the bgpd daemon resulting in denial of service.\n(CVE-2016-4049)\n\n * A denial of service flaw affecting various daemons in Quagga was found. A\nremote attacker could use this flaw to cause the various Quagga daemons,\nwhich expose their telnet interface, to crash. (CVE-2017-5495)\n\n * A stack-based buffer overflow flaw was found in the way the Quagga OSPFD\ndaemon handled LSA (link-state advertisement) packets. A remote attacker\ncould use this flaw to crash the ospfd daemon resulting in denial of\nservice. (CVE-2013-2236)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"quagga on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0794-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00054.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.15~14.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-debuginfo\", rpm:\"quagga-debuginfo~0.99.15~14.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:35:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4049", "CVE-2016-1245", "CVE-2016-2342", "CVE-2017-3224", "CVE-2018-5381", "CVE-2018-5380"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192657", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192657", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for quagga (EulerOS-SA-2019-2657)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2657\");\n script_version(\"2020-01-23T13:12:53+0000\");\n script_cve_id(\"CVE-2016-1245\", \"CVE-2016-2342\", \"CVE-2016-4049\", \"CVE-2017-3224\", \"CVE-2018-5380\", \"CVE-2018-5381\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:12:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:12:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for quagga (EulerOS-SA-2019-2657)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2657\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2657\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'quagga' package(s) announced via the EulerOS-SA-2019-2657 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size, however, BUFSIZ is system-dependent.(CVE-2016-1245)\n\nOpen Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).(CVE-2017-3224)\n\nThe bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.(CVE-2016-4049)\n\nThe bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.(CVE-2016-2342)\n\nThe Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.(CVE-2018-5380)\n\nThe Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of 'Capabilities' in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.(CVE-2018-5381)\");\n\n script_tag(name:\"affected\", value:\"'quagga' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.22.4~5.h5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4049", "CVE-2016-1245", "CVE-2016-2342", "CVE-2017-3224", "CVE-2018-5381", "CVE-2018-5380"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192408", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for quagga (EulerOS-SA-2019-2408)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2408\");\n script_version(\"2020-01-23T12:53:45+0000\");\n script_cve_id(\"CVE-2016-1245\", \"CVE-2016-2342\", \"CVE-2016-4049\", \"CVE-2017-3224\", \"CVE-2018-5380\", \"CVE-2018-5381\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:53:45 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:53:45 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for quagga (EulerOS-SA-2019-2408)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2408\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2408\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'quagga' package(s) announced via the EulerOS-SA-2019-2408 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).(CVE-2017-3224)\n\nThe bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.(CVE-2016-4049)\n\nThe bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.(CVE-2016-2342)\n\nThe Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.(CVE-2018-5380)\n\nThe Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of 'Capabilities' in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.(CVE-2018-5381)\n\nIt was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size, however, BUFSIZ is system-dependent.(CVE-2016-1245)\");\n\n script_tag(name:\"affected\", value:\"'quagga' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.22.4~5.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:01:57", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2342"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3532-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 27, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : quagga\nCVE ID : CVE-2016-2342\nDebian Bug : 819179\n\nKostya Kortchinsky discovered a stack-based buffer overflow\nvulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP\nrouting daemon. A remote attacker can exploit this flaw to cause a\ndenial of service (daemon crash), or potentially, execution of arbitrary\ncode, if bgpd is configured with BGP peers enabled for VPNv4.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 0.99.22.4-1+wheezy2.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.99.23.1-1+deb8u1.\n\nWe recommend that you upgrade your quagga packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2016-03-27T15:17:20", "published": "2016-03-27T15:17:20", "id": "DEBIAN:DSA-3532-1:D6B14", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00106.html", "title": "[SECURITY] [DSA 3532-1] quagga security update", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:46", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2342"], "description": "\nDonald Sharp reports:\n\nA malicious BGP peer may execute arbitrary code in\n\t particularly configured remote bgpd hosts.\n\n", "edition": 4, "modified": "2016-01-27T00:00:00", "published": "2016-01-27T00:00:00", "id": "70C44CD0-E717-11E5-85BE-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/70c44cd0-e717-11e5-85be-14dae9d210b8.html", "title": "quagga -- stack based buffer overflow vulnerability", "type": "freebsd", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-10-10T08:54:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2342"], "edition": 1, "description": "### Background\n\nQuagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. \n\n### Description\n\nA memcpy function in the VPNv4 NLRI parser of bgp_mplsvpn.c does not properly check the upper-bound length of received Labeled-VPN SAFI routes data, which may allow for arbitrary code execution on the stack. \n\n### Impact\n\nA remote attacker could send a specially crafted packet, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Quagga users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/quagga-1.0.20160315\"", "modified": "2016-10-10T00:00:00", "published": "2016-10-10T00:00:00", "id": "GLSA-201610-03", "href": "https://security.gentoo.org/glsa/201610-03", "type": "gentoo", "title": "Quagga: Arbitrary code execution", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-12T11:05:17", "description": "The remote host is affected by the vulnerability described in GLSA-201610-03\n(Quagga: Arbitrary code execution)\n\n A memcpy function in the VPNv4 NLRI parser of bgp_mplsvpn.c does not\n properly check the upper-bound length of received Labeled-VPN SAFI routes\n data, which may allow for arbitrary code execution on the stack.\n \nImpact :\n\n A remote attacker could send a specially crafted packet, possibly\n resulting in execution of arbitrary code with the privileges of the\n process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-11T00:00:00", "title": "GLSA-201610-03 : Quagga: Arbitrary code execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "modified": "2016-10-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:quagga"], "id": "GENTOO_GLSA-201610-03.NASL", "href": "https://www.tenable.com/plugins/nessus/93945", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201610-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93945);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2342\");\n script_xref(name:\"GLSA\", value:\"201610-03\");\n\n script_name(english:\"GLSA-201610-03 : Quagga: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201610-03\n(Quagga: Arbitrary code execution)\n\n A memcpy function in the VPNv4 NLRI parser of bgp_mplsvpn.c does not\n properly check the upper-bound length of received Labeled-VPN SAFI routes\n data, which may allow for arbitrary code execution on the stack.\n \nImpact :\n\n A remote attacker could send a specially crafted packet, possibly\n resulting in execution of arbitrary code with the privileges of the\n process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201610-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Quagga users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/quagga-1.0.20160315'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/quagga\", unaffected:make_list(\"ge 1.0.20160315\"), vulnerable:make_list(\"lt 1.0.20160315\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Quagga\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:46", "description": "This update for quagga fixes the following security issue :\n\n - CVE-2016-2342: Quagga was extended the prefixlen check\n to ensure it is within the bound of the NLRI packet data\n and the on-stack prefix structure and the maximum size\n for the address family (bsc#970952).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-04-05T00:00:00", "title": "SUSE SLES12 Security Update : quagga (SUSE-SU-2016:0936-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "modified": "2016-04-05T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:quagga-debugsource", "p-cpe:/a:novell:suse_linux:quagga", "p-cpe:/a:novell:suse_linux:quagga-debuginfo"], "id": "SUSE_SU-2016-0936-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90347", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0936-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90347);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-2342\");\n\n script_name(english:\"SUSE SLES12 Security Update : quagga (SUSE-SU-2016:0936-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for quagga fixes the following security issue :\n\n - CVE-2016-2342: Quagga was extended the prefixlen check\n to ensure it is within the bound of the NLRI packet data\n and the on-stack prefix structure and the maximum size\n for the address family (bsc#970952).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2342/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160936-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0200c7db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-540=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-540=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-540=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-540=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:quagga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:quagga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"quagga-0.99.22.1-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"quagga-debuginfo-0.99.22.1-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"quagga-debugsource-0.99.22.1-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"quagga-0.99.22.1-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"quagga-debuginfo-0.99.22.1-5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"quagga-debugsource-0.99.22.1-5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:49:31", "description": "Kostya Kortchinsky discovered a stack-based buffer overflow\nvulnerability in the VPNv4 NLRI parser in bgpd in quagga, a\nBGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw\nto cause a denial of service (daemon crash), or potentially, execution\nof arbitrary code, if bgpd is configured with BGP peers enabled for\nVPNv4.", "edition": 24, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-28T00:00:00", "title": "Debian DSA-3532-1 : quagga - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "modified": "2016-03-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:quagga", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3532.NASL", "href": "https://www.tenable.com/plugins/nessus/90207", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3532. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90207);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2342\");\n script_xref(name:\"DSA\", value:\"3532\");\n\n script_name(english:\"Debian DSA-3532-1 : quagga - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kostya Kortchinsky discovered a stack-based buffer overflow\nvulnerability in the VPNv4 NLRI parser in bgpd in quagga, a\nBGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw\nto cause a denial of service (daemon crash), or potentially, execution\nof arbitrary code, if bgpd is configured with BGP peers enabled for\nVPNv4.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/quagga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/quagga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3532\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the quagga packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 0.99.22.4-1+wheezy2.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.99.23.1-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"quagga\", reference:\"0.99.22.4-1+wheezy2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"quagga-dbg\", reference:\"0.99.22.4-1+wheezy2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"quagga-doc\", reference:\"0.99.22.4-1+wheezy2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"quagga\", reference:\"0.99.23.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"quagga-dbg\", reference:\"0.99.23.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"quagga-doc\", reference:\"0.99.23.1-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T10:53:23", "description": "Donald Sharp reports :\n\nA malicious BGP peer may execute arbitrary code in particularly\nconfigured remote bgpd hosts.", "edition": 26, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-11T00:00:00", "title": "FreeBSD : quagga -- stack based buffer overflow vulnerability (70c44cd0-e717-11e5-85be-14dae9d210b8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "modified": "2016-03-11T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:quagga"], "id": "FREEBSD_PKG_70C44CD0E71711E585BE14DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/89852", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89852);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2342\");\n\n script_name(english:\"FreeBSD : quagga -- stack based buffer overflow vulnerability (70c44cd0-e717-11e5-85be-14dae9d210b8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Donald Sharp reports :\n\nA malicious BGP peer may execute arbitrary code in particularly\nconfigured remote bgpd hosts.\"\n );\n # https://www.kb.cert.org/vuls/id/270232\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kb.cert.org/vuls/id/270232/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://savannah.nongnu.org/forum/forum.php?forum_id=8476\"\n );\n # https://vuxml.freebsd.org/freebsd/70c44cd0-e717-11e5-85be-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?451fd459\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"quagga<1.0.20160309\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:12", "description": "This update for quagga fixes the following security issue :\n\n - CVE-2016-2342: Quagga was extended the prefixlen check\n to ensure it is within the bound of the NLRI packet data\n and the on-stack prefix structure and the maximum size\n for the address family (bsc#970952).", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-24T00:00:00", "title": "openSUSE Security Update : quagga (openSUSE-2016-383)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "modified": "2016-03-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:quagga-debugsource", "p-cpe:/a:novell:opensuse:quagga-devel", "p-cpe:/a:novell:opensuse:quagga-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:quagga"], "id": "OPENSUSE-2016-383.NASL", "href": "https://www.tenable.com/plugins/nessus/90135", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-383.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90135);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2342\");\n\n script_name(english:\"openSUSE Security Update : quagga (openSUSE-2016-383)\");\n script_summary(english:\"Check for the openSUSE-2016-383 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for quagga fixes the following security issue :\n\n - CVE-2016-2342: Quagga was extended the prefixlen check\n to ensure it is within the bound of the NLRI packet data\n and the on-stack prefix structure and the maximum size\n for the address family (bsc#970952).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970952\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"quagga-0.99.23-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"quagga-debuginfo-0.99.23-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"quagga-debugsource-0.99.23-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"quagga-devel-0.99.23-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-debuginfo / quagga-debugsource / quagga-devel\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:30:12", "description": "This update for quagga fixes the following security issue :\n\n - CVE-2016-2342: Quagga was extended the prefixlen check\n to ensure it is within the bound of the NLRI packet data\n and the on-stack prefix structure and the maximum size\n for the address family (bsc#970952).", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-25T00:00:00", "title": "openSUSE Security Update : quagga (openSUSE-2016-396)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "modified": "2016-03-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:quagga-debugsource", "p-cpe:/a:novell:opensuse:quagga-devel", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:quagga-debuginfo", "p-cpe:/a:novell:opensuse:quagga"], "id": "OPENSUSE-2016-396.NASL", "href": "https://www.tenable.com/plugins/nessus/90171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-396.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90171);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2342\");\n\n script_name(english:\"openSUSE Security Update : quagga (openSUSE-2016-396)\");\n script_summary(english:\"Check for the openSUSE-2016-396 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for quagga fixes the following security issue :\n\n - CVE-2016-2342: Quagga was extended the prefixlen check\n to ensure it is within the bound of the NLRI packet data\n and the on-stack prefix structure and the maximum size\n for the address family (bsc#970952).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970952\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"quagga-0.99.24.1-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"quagga-debuginfo-0.99.24.1-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"quagga-debugsource-0.99.24.1-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"quagga-devel-0.99.24.1-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-debuginfo / quagga-debugsource / quagga-devel\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:45:27", "description": "This update for quagga fixes the following security issue :\n\n - CVE-2016-2342: Quagga was extended the prefixlen check\n to ensure it is within the bound of the NLRI packet data\n and the on-stack prefix structure and the maximum size\n for the address family (bsc#970952).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-04-05T00:00:00", "title": "SUSE SLES11 Security Update : quagga (SUSE-SU-2016:0946-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342"], "modified": "2016-04-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:quagga", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-0946-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90348", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0946-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90348);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2342\");\n\n script_name(english:\"SUSE SLES11 Security Update : quagga (SUSE-SU-2016:0946-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for quagga fixes the following security issue :\n\n - CVE-2016-2342: Quagga was extended the prefixlen check\n to ensure it is within the bound of the NLRI packet data\n and the on-stack prefix structure and the maximum size\n for the address family (bsc#970952).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2342/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160946-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?068054e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-quagga-12489=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-quagga-12489=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-quagga-12489=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"quagga-0.99.15-0.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:43:27", "description": "Kostya Kortchinsky discovered that Quagga incorrectly handled certain\nroute data when configured with BGP peers enabled for VPNv4. A remote\nattacker could use this issue to cause Quagga to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2016-2342)\n\nIt was discovered that Quagga incorrectly handled messages with a\nlarge LSA when used in certain configurations. A remote attacker could\nuse this issue to cause Quagga to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-2236).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-25T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : quagga vulnerabilities (USN-2941-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2342", "CVE-2013-2236"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:quagga", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2941-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90188", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2941-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90188);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2013-2236\", \"CVE-2016-2342\");\n script_xref(name:\"USN\", value:\"2941-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : quagga vulnerabilities (USN-2941-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kostya Kortchinsky discovered that Quagga incorrectly handled certain\nroute data when configured with BGP peers enabled for VPNv4. A remote\nattacker could use this issue to cause Quagga to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2016-2342)\n\nIt was discovered that Quagga incorrectly handled messages with a\nlarge LSA when used in certain configurations. A remote attacker could\nuse this issue to cause Quagga to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-2236).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2941-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"quagga\", pkgver:\"0.99.20.1-0ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"quagga\", pkgver:\"0.99.22.4-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"quagga\", pkgver:\"0.99.24.1-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:14:49", "description": "This update addresses multiple security problems and fixes systemd\ndependencies.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-04T00:00:00", "title": "Fedora 24 : quagga (2016-cae6456f63)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4049", "CVE-2016-1245", "CVE-2016-2342"], "modified": "2016-11-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:quagga", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-CAE6456F63.NASL", "href": "https://www.tenable.com/plugins/nessus/94526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-cae6456f63.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94526);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1245\", \"CVE-2016-2342\", \"CVE-2016-4049\");\n script_xref(name:\"FEDORA\", value:\"2016-cae6456f63\");\n\n script_name(english:\"Fedora 24 : quagga (2016-cae6456f63)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses multiple security problems and fixes systemd\ndependencies.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-cae6456f63\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"quagga-0.99.24.1-4.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:14:15", "description": "This update addresses multiple security problems and fixes systemd\ndependencies.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-04T00:00:00", "title": "Fedora 23 : quagga (2016-568c7ff4f6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4049", "CVE-2016-1245", "CVE-2016-2342"], "modified": "2016-11-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:quagga", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-568C7FF4F6.NASL", "href": "https://www.tenable.com/plugins/nessus/94524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-568c7ff4f6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94524);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1245\", \"CVE-2016-2342\", \"CVE-2016-4049\");\n script_xref(name:\"FEDORA\", value:\"2016-568c7ff4f6\");\n\n script_name(english:\"Fedora 23 : quagga (2016-568c7ff4f6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses multiple security problems and fixes systemd\ndependencies.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-568c7ff4f6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"quagga-0.99.24.1-3.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2342", "CVE-2013-2236"], "description": "Kostya Kortchinsky discovered that Quagga incorrectly handled certain route \ndata when configured with BGP peers enabled for VPNv4. A remote attacker \ncould use this issue to cause Quagga to crash, resulting in a denial of \nservice, or possibly execute arbitrary code. (CVE-2016-2342)\n\nIt was discovered that Quagga incorrectly handled messages with a large \nLSA when used in certain configurations. A remote attacker could use this \nissue to cause Quagga to crash, resulting in a denial of service. This \nissue only affected Ubuntu 12.04 LTS. (CVE-2013-2236)", "edition": 5, "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "USN-2941-1", "href": "https://ubuntu.com/security/notices/USN-2941-1", "title": "Quagga vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1245", "CVE-2016-2342", "CVE-2016-4049"], "description": "Quagga is free software that operates TCP/IP-based routing protocols. It ta kes a multi-server and multi-threaded approach to resolving the current complex ity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS (experimental), OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Route Reflector. It is not a toolkit; it provides full routing power under a new architecture. Quagga by design has a process for each protocol. Quagga is a fork of GNU Zebra. ", "modified": "2016-11-19T21:27:34", "published": "2016-11-19T21:27:34", "id": "FEDORA:E3A74605853D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: quagga-0.99.24.1-4.fc25", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1245", "CVE-2016-2342", "CVE-2016-4049"], "description": "Quagga is free software that operates TCP/IP-based routing protocols. It ta kes a multi-server and multi-threaded approach to resolving the current complex ity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS (experimental), OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Route Reflector. It is not a toolkit; it provides full routing power under a new architecture. Quagga by design has a process for each protocol. Quagga is a fork of GNU Zebra. ", "modified": "2016-11-04T02:53:38", "published": "2016-11-04T02:53:38", "id": "FEDORA:086D860E6A17", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: quagga-0.99.24.1-3.fc23", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1245", "CVE-2016-2342", "CVE-2016-4049"], "description": "Quagga is free software that operates TCP/IP-based routing protocols. It ta kes a multi-server and multi-threaded approach to resolving the current complex ity of the Internet. Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS (experimental), OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Route Reflector. It is not a toolkit; it provides full routing power under a new architecture. Quagga by design has a process for each protocol. Quagga is a fork of GNU Zebra. ", "modified": "2016-11-03T23:59:33", "published": "2016-11-03T23:59:33", "id": "FEDORA:9A29B60D9A8A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: quagga-0.99.24.1-4.fc24", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:22", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4049", "CVE-2016-1245", "CVE-2016-2342", "CVE-2013-2236", "CVE-2017-5495"], "description": "**CentOS Errata and Security Advisory** CESA-2017:0794\n\n\nThe quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.\n\nSecurity Fix(es):\n\n* A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)\n\n* A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)\n\n* A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-March/003917.html\n\n**Affected packages:**\nquagga\nquagga-contrib\nquagga-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0794.html", "edition": 3, "modified": "2017-03-24T15:42:29", "published": "2017-03-24T15:42:29", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003917.html", "id": "CESA-2017:0794", "title": "quagga security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2236", "CVE-2016-1245", "CVE-2016-2342", "CVE-2016-4049", "CVE-2017-5495"], "description": "The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.\n\nSecurity Fix(es):\n\n* A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)\n\n* A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)\n\n* A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "modified": "2018-06-07T18:23:16", "published": "2017-03-21T10:17:51", "id": "RHSA-2017:0794", "href": "https://access.redhat.com/errata/RHSA-2017:0794", "type": "redhat", "title": "(RHSA-2017:0794) Moderate: quagga security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:22", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1820", "CVE-2016-4049", "CVE-2016-1245", "CVE-2011-3326", "CVE-2012-0250", "CVE-2012-0255", "CVE-2012-0249", "CVE-2011-3325", "CVE-2016-2342", "CVE-2011-3323", "CVE-2013-2236", "CVE-2017-5495", "CVE-2011-3327", "CVE-2011-3324"], "description": "[0.99.15-14]\n- Resolves: #1416013 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory\n[0.99.15-13]\n- fix path of ripd pid file (#842308)\n[0.99.15-12]\n- fix start() function in watchqugga initscript (#862826, #1208617)\n[0.99.15-11]\n- fix for CVE-2013-2236 (#1391918)\n- fix for CVE-2016-1245 (#1391914)\n- fix for CVE-2016-2342 (#1391916)\n- fix for CVE-2016-4049 (#1391919)\n[0.99.15-11]\n- ospf6d: Fix crash when '[no] ipv6 ospf6 advertise prefix-list' is in startup-config (#770731)\n[0.99.15-10]\n- add watchquagga initscript (#862826, #1208617)\n- remove pidfile when service is stopped (#842308)\n- use QCONFDIR correctly in initscripts (#839620)\n- include watchquagga and ospfclient manpages (#674862)\n[0.99.15-9]\n- improve fix for CVE-2011-3325\n[0.99.15-8]\n- fix CVE-2011-3323\n- fix CVE-2011-3324\n- fix CVE-2011-3325\n- fix CVE-2011-3326\n- fix CVE-2011-3327\n- fix CVE-2012-0255\n- fix CVE-2012-0249 and CVE-2012-0250\n- fix CVE-2012-1820", "edition": 4, "modified": "2017-03-27T00:00:00", "published": "2017-03-27T00:00:00", "id": "ELSA-2017-0794", "href": "http://linux.oracle.com/errata/ELSA-2017-0794.html", "title": "quagga security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}
