24 matches found
EUVD-2013-6783
Malware in sbrugna...
RHEL 7 : quagga (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - quagga: Buffer Overflow in IPv6 RA handling (CVE-2016-1245) - quagga: VPNv4 NLRI parser memcpys to stack on...
RHEL 5 : quagga (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - quagga: VPNv4 NLRI parser memcpys to stack on unchecked length (CVE-2016-2342) - quagga: Double free...
K21921812: Quagga vulnerability CVE-2016-2342
Security Advisory Description The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execu...
Buffer Overflow
Quagga is vulnerable to stack-based buffer overflow attacks. When a certain VPNv4 configuration is used, a remote attacker may crash the Quagga BGP routing daemon (bgpd), which leads to denial of service (DoS)...
GLSA-201610-03 : Quagga: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201610-03 (Quagga: Arbitrary code execution). A memcpy function in the VPNv4 NLRI parser of bgp_mplsvpn.c does not properly check the upper-bound length of received Labeled-VPN SAFI routes data, which may allow for arbitrary code...
Quagga: Arbitrary code execution
Background: Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description: A memcpy function in the VPNv4 NLRI parser of bgp_mplsvpn.c does not properly check the upper-bound length of received Labeled-VPN SAFI routes data, which may allow for arbitrary code execution on...
Debian DSA-3532-1 : quagga - security update
Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service (daemon crash), or potentially, execution of arbitrary code, if bgpd is configure...
[SECURITY] [DSA 3532-1] quagga security update
Debian Security Advisory DSA-3532-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 27, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3532-1] quagga security update
Debian Security Advisory DSA-3532-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 27, 2016 https://www.debian.org/security/faq -...
DSA-3532-1 quagga - security update
Bulletin has no description...
Debian Security Advisory DSA 3532-1 (quagga - security update)
Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service (daemon crash), or potentially, execution of arbitrary code, if bgpd is configure...
Updated quagga packages fix security vulnerability
A vulnerability was found in a way VPNv4 NLRI parser copied packet data to the stack. Memcpy to stack data structure based on length field from packet data whose length field upper-bound was not properly checked (CVE-2016-2342)...
MGASA-2016-0126 Updated quagga packages fix security vulnerability
A vulnerability was found in a way VPNv4 NLRI parser copied packet data to the stack. Memcpy to stack data structure based on length field from packet data whose length field upper-bound was not properly checked (CVE-2016-2342)...
Debian: Security Advisory (DSA-3532-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu: Security Advisory (USN-2941-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2016-2342
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a...
Stack overflow
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a...
CVE-2016-2342
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a...
CVE-2016-2342
Removed by vendor...