Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2010:0785
HistoryOct 20, 2010 - 12:00 a.m.

(RHSA-2010:0785) Moderate: quagga security update

2010-10-2000:00:00
access.redhat.com
13

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

92.5%

JSON

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol.

A stack-based buffer overflow flaw was found in the way the Quagga bgpd
daemon processed certain BGP Route Refresh (RR) messages. A configured BGP
peer could send a specially-crafted BGP message, causing bgpd on a target
system to crash or, possibly, execute arbitrary code with the privileges of
the user running bgpd. (CVE-2010-2948)

Note: On Red Hat Enterprise Linux 5 it is not possible to exploit
CVE-2010-2948 to run arbitrary code as the overflow is blocked by
FORTIFY_SOURCE.

Multiple NULL pointer dereference flaws were found in the way the Quagga
bgpd daemon processed certain specially-crafted BGP messages. A configured
BGP peer could crash bgpd on a target system via specially-crafted BGP
messages. (CVE-2007-4826)

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd daemon must be restarted for the update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat5ia64quagga< 0.98.6-5.el5_5.2quagga-0.98.6-5.el5_5.2.ia64.rpm
RedHat4s390xquagga-devel< 0.98.3-4.el4_8.1quagga-devel-0.98.3-4.el4_8.1.s390x.rpm
RedHat5x86_64quagga< 0.98.6-5.el5_5.2quagga-0.98.6-5.el5_5.2.x86_64.rpm
RedHat4x86_64quagga-devel< 0.98.3-4.el4_8.1quagga-devel-0.98.3-4.el4_8.1.x86_64.rpm
RedHat4x86_64quagga-contrib< 0.98.3-4.el4_8.1quagga-contrib-0.98.3-4.el4_8.1.x86_64.rpm
RedHat4ia64quagga< 0.98.3-4.el4_8.1quagga-0.98.3-4.el4_8.1.ia64.rpm
RedHat4ppcquagga-devel< 0.98.3-4.el4_8.1quagga-devel-0.98.3-4.el4_8.1.ppc.rpm
RedHat5ia64quagga-devel< 0.98.6-5.el5_5.2quagga-devel-0.98.6-5.el5_5.2.ia64.rpm
RedHat5s390xquagga-devel< 0.98.6-5.el5_5.2quagga-devel-0.98.6-5.el5_5.2.s390x.rpm
RedHat4ia64quagga-contrib< 0.98.3-4.el4_8.1quagga-contrib-0.98.3-4.el4_8.1.ia64.rpm
Rows per page:
1-10 of 371

Related

openvas 22
nessus 28
centos 1
oraclelinux 4
cve 2
prion 2
debian 2
ubuntu 2
ubuntucve 2
osv 2
veracode 2
debiancve 2
fedora 5
securityvulns 2
redhat 1
suse 1
gentoo 1
openvas
openvas
RedHat Update for quagga RHSA-2010:0785-01
2010-10-22 00:00:00
Oracle Linux Local Check: ELSA-2010-0785
2015-10-06 00:00:00
CentOS Update for quagga CESA-2010:0785 centos5 i386
2011-08-09 00:00:00
nessus
nessus
CentOS 4 / 5 : quagga (CESA-2010:0785)
2010-11-24 00:00:00
RHEL 4 / 5 : quagga (RHSA-2010:0785)
2010-10-21 00:00:00
Oracle Linux 4 / 5 : quagga (ELSA-2010-0785)
2013-07-12 00:00:00
centos
centos
quagga security update
2010-10-20 20:56:39
oraclelinux
oraclelinux
quagga security update
2010-10-20 00:00:00
quagga security update
2011-02-10 00:00:00
quagga security update
2012-09-12 00:00:00
cve
cve
CVE-2007-4826
2007-09-12 10:17:00
CVE-2010-2948
2010-09-10 19:00:00
prion
prion
Null pointer dereference
2007-09-12 10:17:00
Stack overflow
2010-09-10 19:00:00
debian
debian
[SECURITY] [DSA 1379-1] New quagga packages fix denial of service
2007-10-03 08:59:11
[SECURITY] [DSA-2104-1] New quagga packages fix denial of service
2010-09-06 19:20:44
ubuntu
ubuntu
Quagga vulnerability
2007-09-15 00:00:00
Quagga vulnerabilities
2010-12-07 00:00:00
ubuntucve
ubuntucve
CVE-2007-4826
2007-09-12 00:00:00
CVE-2010-2948
2010-09-10 00:00:00
osv
osv
quagga
2007-10-01 00:00:00
quagga - denial of service
2010-09-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:49:10
Denial Of Service (DoS)
2020-04-10 00:49:10
debiancve
debiancve
CVE-2007-4826
2007-09-12 10:17:00
CVE-2010-2948
2010-09-10 19:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: quagga-0.99.17-1.fc14
2010-09-11 03:44:52
[SECURITY] Fedora 13 Update: quagga-0.99.17-1.fc13
2010-09-11 08:58:15
[SECURITY] Fedora 7 Update: quagga-0.99.9-1.fc7
2007-09-18 19:21:48
securityvulns
securityvulns
[SECURITY] [DSA-2104-1] New quagga packages fix denial of service
2010-09-12 00:00:00
quagga BGP daemon DoS
2010-09-12 00:00:00
redhat
redhat
(RHSA-2010:0945) Moderate: quagga security update
2010-12-06 00:00:00
suse
suse
Security update for quagga (important)
2011-12-12 02:08:23
gentoo
gentoo
Quagga: Multiple vulnerabilities
2012-02-21 00:00:00

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

92.5%

JSON
Related for RHSA-2010:0785
openvas22nessus28centos1oraclelinux4cve2prion2debian2ubuntu2ubuntucve2osv2veracode2debiancve2fedora5securityvulns2redhat1suse1gentoo1