6 matches found
Ubuntu: Security Advisory (USN-3102-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 601-1] quagga security update
Package : quagga Version : 0.99.22.4-1+wheezy3 CVE ID : CVE-2016-4036 CVE-2016-4049 Debian Bug : 835223, 822787 The quagga package installs world readable sensitive files in /etc/quagga, and might be subject to denial of service because of lacking packet size checks. CVE-2016-4036 The quagga...
[SECURITY] [DSA 3654-1] quagga security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3654-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 26, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3654-1 (quagga - security update)
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. CVE-2016-4036 Tams Nmeth discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance handling man...
CVE-2016-4036
CVE-2016-4036 affects the Quagga daemon. The root cause is weak permissions on /etc/quagga, allowing local users to read sensitive configuration files. This is paired with CVE-2016-4049, where bgpd could crash from large route dumps due to missing size checks. Public advisories (Debian/Ubuntu) sh...
CVE-2016-4036
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory...