SuSE 10 Security Update : quagga (ZYPP Patch Number 7406)

2011-12-13T00:00:00
ID SUSE_QUAGGA-7406.NASL
Type nessus
Reporter Tenable
Modified 2016-12-22T00:00:00

Description

This security update of quagga fixes :

  • Direct BGP peers can send malformed extended communities which lead to a NULL pointer dereference. (CVE-2010-1674)

  • A malformed AS_PATHLIMIT path attribute will cause a session reset in Quagga. This malformed package is forwarded by other routers and can be used to take 'all' Quagga routers off the Internet with one single announcement. (feature removed). (CVE-2010-1675)

  • CVE-2010-2948: CVSS v2 Base Score: 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)

  • CVE-2010-2949: CVSS v2 Base Score: 1.8 (AV:A/AC:H/Au:N/C:N/I:N/A:P)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(57249);
  script_version ("$Revision: 1.3 $");
  script_cvs_date("$Date: 2016/12/22 20:42:28 $");

  script_cve_id("CVE-2010-1674", "CVE-2010-1675", "CVE-2010-2948", "CVE-2010-2949");

  script_name(english:"SuSE 10 Security Update : quagga (ZYPP Patch Number 7406)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This security update of quagga fixes :

  - Direct BGP peers can send malformed extended communities
    which lead to a NULL pointer dereference.
    (CVE-2010-1674)

  - A malformed AS_PATHLIMIT path attribute will cause a
    session reset in Quagga. This malformed package is
    forwarded by other routers and can be used to take 'all'
    Quagga routers off the Internet with one single
    announcement. (feature removed). (CVE-2010-1675)

  - CVE-2010-2948: CVSS v2 Base Score: 5.4
    (AV:A/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119)

  - CVE-2010-2949: CVSS v2 Base Score: 1.8
    (AV:A/AC:H/Au:N/C:N/I:N/A:P)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1674.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1675.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2948.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2949.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7406.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLES10", sp:4, reference:"quagga-0.99.9-14.9.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"quagga-devel-0.99.9-14.9.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");