{"cve": [{"lastseen": "2016-09-03T19:07:06", "bulletinFamily": "NVD", "description": "The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.", "modified": "2013-12-16T15:41:09", "published": "2013-12-14T12:21:46", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6051", "id": "CVE-2013-6051", "title": "CVE-2013-6051", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T12:21:16", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.", "modified": "2018-01-04T21:29:33", "published": "2013-10-23T23:48:46", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2236", "id": "CVE-2013-2236", "title": "CVE-2013-2236", "type": "cve", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2803-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nNovember 26, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : quagga\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2013-2236 CVE-2013-6051\r\nDebian Bug : 730513 726724\r\n\r\nMultiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP \r\nrouting daemon:\r\n\r\nCVE-2013-2236\r\n\r\n A buffer overflow was found in the OSPF API-server (exporting the LSDB \r\n and allowing announcement of Opaque-LSAs).\r\n\r\nCVE-2013-6051\r\n\r\n bgpd could be crashed through BGP updates. This only affects Wheezy/stable.\r\n\r\nFor the oldstable distribution (squeeze), these problems have been fixed in\r\nversion 0.99.20.1-0+squeeze5.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 0.99.22.4-1+wheezy1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 0.99.22.4-1.\r\n\r\nWe recommend that you upgrade your quagga packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.15 (GNU/Linux)\r\n\r\niEYEARECAAYFAlKUyFsACgkQXm3vHE4uylouHQCeNCxgOv9G1tH64xIrkFeU4uii\r\nrvAAoIzFahZs7T2On3ppR7ivv3Q4YSuQ\r\n=6ZKz\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-12-01T00:00:00", "published": "2013-12-01T00:00:00", "id": "SECURITYVULNS:DOC:30043", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30043", "title": "[SECURITY] [DSA 2803-1] quagga security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:29", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2803-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 26, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : quagga\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-2236 CVE-2013-6051\nDebian Bug : 730513 726724\n\nMultiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP \nrouting daemon:\n\nCVE-2013-2236\n\n A buffer overflow was found in the OSPF API-server (exporting the LSDB \n and allowing announcement of Opaque-LSAs).\n\nCVE-2013-6051\n\n bgpd could be crashed through BGP updates. This only affects Wheezy/stable.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.99.20.1-0+squeeze5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.99.22.4-1+wheezy1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.99.22.4-1.\n\nWe recommend that you upgrade your quagga packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-11-26T16:13:38", "published": "2013-11-26T16:13:38", "id": "DEBIAN:DSA-2803-1:52CB4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00217.html", "title": "[SECURITY] [DSA 2803-1] quagga security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:56:57", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP\nrouting daemon:\n\nCVE-2013-2236 \nA buffer overflow was found in the OSPF API-server (exporting the LSDB\nand allowing announcement of Opaque-LSAs).\n\nCVE-2013-6051 \nbgpd could be crashed through BGP updates. This only affects Wheezy/stable.", "modified": "2018-04-06T00:00:00", "published": "2013-11-26T00:00:00", "id": "OPENVAS:1361412562310892803", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892803", "title": "Debian Security Advisory DSA 2803-1 (quagga - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2803.nasl 9353 2018-04-06 07:14:20Z cfischer $\n# Auto-generated from advisory DSA 2803-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"quagga on Debian Linux\";\ntag_insight = \"GNU Quagga is free software which manages TCP/IP based routing protocols.\nIt supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as\nwell as the IPv6 versions of these.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.99.20.1-0+squeeze5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.99.22.4-1+wheezy1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.99.22.4-1.\n\nWe recommend that you upgrade your quagga packages.\";\ntag_summary = \"Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP\nrouting daemon:\n\nCVE-2013-2236 \nA buffer overflow was found in the OSPF API-server (exporting the LSDB\nand allowing announcement of Opaque-LSAs).\n\nCVE-2013-6051 \nbgpd could be crashed through BGP updates. This only affects Wheezy/stable.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892803\");\n script_version(\"$Revision: 9353 $\");\n script_cve_id(\"CVE-2013-2236\", \"CVE-2013-6051\");\n script_name(\"Debian Security Advisory DSA 2803-1 (quagga - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2013-11-26 00:00:00 +0100 (Tue, 26 Nov 2013)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2803.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.20.1-0+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-dbg\", ver:\"0.99.20.1-0+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.20.1-0+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.22.4-1+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-dbg\", ver:\"0.99.22.4-1+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.22.4-1+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:57", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP\nrouting daemon:\n\nCVE-2013-2236 \nA buffer overflow was found in the OSPF API-server (exporting the LSDB\nand allowing announcement of Opaque-LSAs).\n\nCVE-2013-6051 \nbgpd could be crashed through BGP updates. This only affects Wheezy/stable.", "modified": "2017-07-07T00:00:00", "published": "2013-11-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892803", "id": "OPENVAS:892803", "title": "Debian Security Advisory DSA 2803-1 (quagga - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2803.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2803-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"quagga on Debian Linux\";\ntag_insight = \"GNU Quagga is free software which manages TCP/IP based routing protocols.\nIt supports BGP4, BGP4+, OSPFv2, OSPFv3, IS-IS, RIPv1, RIPv2, and RIPng as\nwell as the IPv6 versions of these.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.99.20.1-0+squeeze5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.99.22.4-1+wheezy1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.99.22.4-1.\n\nWe recommend that you upgrade your quagga packages.\";\ntag_summary = \"Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP\nrouting daemon:\n\nCVE-2013-2236 \nA buffer overflow was found in the OSPF API-server (exporting the LSDB\nand allowing announcement of Opaque-LSAs).\n\nCVE-2013-6051 \nbgpd could be crashed through BGP updates. This only affects Wheezy/stable.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892803);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-2236\", \"CVE-2013-6051\");\n script_name(\"Debian Security Advisory DSA 2803-1 (quagga - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-11-26 00:00:00 +0100 (Tue, 26 Nov 2013)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2803.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.20.1-0+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-dbg\", ver:\"0.99.20.1-0+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.20.1-0+squeeze5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.22.4-1+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-dbg\", ver:\"0.99.22.4-1+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"quagga-doc\", ver:\"0.99.22.4-1+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:32:16", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120563", "title": "Amazon Linux Local Check: ALAS-2014-279", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-279.nasl 7000 2017-08-24 11:51:46Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120563\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:40 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-279\");\n script_tag(name:\"insight\", value:\"The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.\");\n script_tag(name:\"solution\", value:\"Run yum update quagga to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-279.html\");\n script_cve_id(\"CVE-2013-6051\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"quagga-devel\", rpm:\"quagga-devel~0.99.21~6.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"quagga-contrib\", rpm:\"quagga-contrib~0.99.21~6.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.21~6.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"quagga-debuginfo\", rpm:\"quagga-debuginfo~0.99.21~6.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:09:33", "bulletinFamily": "scanner", "description": "Check for the Version of quagga", "modified": "2018-01-23T00:00:00", "published": "2013-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867197", "id": "OPENVAS:867197", "title": "Fedora Update for quagga FEDORA-2013-23504", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quagga FEDORA-2013-23504\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867197);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-30 11:03:54 +0530 (Mon, 30 Dec 2013)\");\n script_cve_id(\"CVE-2013-6051\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for quagga FEDORA-2013-23504\");\n\n tag_insight = \"Quagga is free software that operates TCP/IP-based routing protocols. It takes\na multi-server and multi-threaded approach to resolving the current complexity\nof the Internet.\n\nQuagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS (experimental), OSPFv2,\nOSPFv3, RIPv1, RIPv2, and RIPng.\n\nQuagga is intended to be used as a Route Server and a Route Reflector. It is\nnot a toolkit it provides full routing power under a new architecture.\nQuagga by design has a process for each protocol.\n\nQuagga is a fork of GNU Zebra.\n\";\n\n tag_affected = \"quagga on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23504\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125130.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of quagga\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.21~6.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:15", "bulletinFamily": "scanner", "description": "Check for the Version of quagga", "modified": "2018-04-06T00:00:00", "published": "2013-12-30T00:00:00", "id": "OPENVAS:1361412562310867197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867197", "title": "Fedora Update for quagga FEDORA-2013-23504", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quagga FEDORA-2013-23504\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867197\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-30 11:03:54 +0530 (Mon, 30 Dec 2013)\");\n script_cve_id(\"CVE-2013-6051\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for quagga FEDORA-2013-23504\");\n\n tag_insight = \"Quagga is free software that operates TCP/IP-based routing protocols. It takes\na multi-server and multi-threaded approach to resolving the current complexity\nof the Internet.\n\nQuagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS (experimental), OSPFv2,\nOSPFv3, RIPv1, RIPv2, and RIPng.\n\nQuagga is intended to be used as a Route Server and a Route Reflector. It is\nnot a toolkit it provides full routing power under a new architecture.\nQuagga by design has a process for each protocol.\n\nQuagga is a fork of GNU Zebra.\n\";\n\n tag_affected = \"quagga on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23504\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125130.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of quagga\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.21~6.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-19T12:59:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-03-25T00:00:00", "id": "OPENVAS:1361412562310842703", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842703", "title": "Ubuntu Update for quagga USN-2941-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for quagga USN-2941-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842703\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-25 06:13:48 +0100 (Fri, 25 Mar 2016)\");\n script_cve_id(\"CVE-2016-2342\", \"CVE-2013-2236\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for quagga USN-2941-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quagga'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kostya Kortchinsky discovered that Quagga\n incorrectly handled certain route data when configured with BGP peers enabled\n for VPNv4. A remote attacker could use this issue to cause Quagga to crash,\n resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2342)\n\n It was discovered that Quagga incorrectly handled messages with a large\n LSA when used in certain configurations. A remote attacker could use this\n issue to cause Quagga to crash, resulting in a denial of service. This\n issue only affected Ubuntu 12.04 LTS. (CVE-2013-2236)\");\n script_tag(name:\"affected\", value:\"quagga on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2941-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2941-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.22.4-3ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.20.1-0ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"quagga\", ver:\"0.99.24.1-2ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-29T12:39:38", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201310-08", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121046", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121046", "title": "Gentoo Security Advisory GLSA 201310-08", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201310-08.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121046\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:06 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201310-08\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201310-08\");\n script_cve_id(\"CVE-2012-0249\", \"CVE-2012-0250\", \"CVE-2012-0255\", \"CVE-2012-1820\", \"CVE-2013-2236\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201310-08\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/quagga\", unaffected: make_list(\"ge 0.99.22.4\"), vulnerable: make_list(\"lt 0.99.22.4\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:08:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-03-22T00:00:00", "id": "OPENVAS:1361412562310871784", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871784", "title": "RedHat Update for quagga RHSA-2017:0794-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for quagga RHSA-2017:0794-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871784\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-22 05:48:36 +0100 (Wed, 22 Mar 2017)\");\n script_cve_id(\"CVE-2013-2236\", \"CVE-2016-1245\", \"CVE-2016-2342\", \"CVE-2016-4049\", \"CVE-2017-5495\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for quagga RHSA-2017:0794-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quagga'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The quagga packages contain Quagga, the\nfree network-routing software suite that manages TCP/IP based protocols. Quagga\nsupports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and\nis intended to be used as a Route Server and Route Reflector.\n\nSecurity Fix(es):\n\n * A stack-based buffer overflow flaw was found in the way Quagga handled\nIPv6 router advertisement messages. A remote attacker could use this flaw\nto crash the zebra daemon resulting in denial of service. (CVE-2016-1245)\n\n * A stack-based buffer overflow flaw was found in the way the Quagga BGP\nrouting daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote\nattacker could use this flaw to crash the bgpd daemon resulting in denial\nof service. (CVE-2016-2342)\n\n * A denial of service flaw was found in the Quagga BGP routing daemon\n(bgpd). Under certain circumstances, a remote attacker could send a crafted\npacket to crash the bgpd daemon resulting in denial of service.\n(CVE-2016-4049)\n\n * A denial of service flaw affecting various daemons in Quagga was found. A\nremote attacker could use this flaw to cause the various Quagga daemons,\nwhich expose their telnet interface, to crash. (CVE-2017-5495)\n\n * A stack-based buffer overflow flaw was found in the way the Quagga OSPFD\ndaemon handled LSA (link-state advertisement) packets. A remote attacker\ncould use this flaw to crash the ospfd daemon resulting in denial of\nservice. (CVE-2013-2236)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"quagga on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0794-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00054.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"quagga\", rpm:\"quagga~0.99.15~14.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"quagga-debuginfo\", rpm:\"quagga-debuginfo~0.99.15~14.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:20:26", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon :\n\n - CVE-2013-2236 A buffer overflow was found in the OSPF API-server (exporting the LSDB and allowing announcement of Opaque-LSAs).\n\n - CVE-2013-6051 bgpd could be crashed through BGP updates. This only affects Wheezy/stable.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2803.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71097", "published": "2013-11-27T00:00:00", "title": "Debian DSA-2803-1 : quagga - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2803. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71097);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-2236\", \"CVE-2013-6051\");\n script_bugtraq_id(60955);\n script_xref(name:\"DSA\", value:\"2803\");\n\n script_name(english:\"Debian DSA-2803-1 : quagga - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP\nrouting daemon :\n\n - CVE-2013-2236\n A buffer overflow was found in the OSPF API-server\n (exporting the LSDB and allowing announcement of\n Opaque-LSAs).\n\n - CVE-2013-6051\n bgpd could be crashed through BGP updates. This only\n affects Wheezy/stable.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/quagga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/quagga\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2803\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the quagga packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 0.99.20.1-0+squeeze5.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 0.99.22.4-1+wheezy1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"quagga\", reference:\"0.99.20.1-0+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"quagga-dbg\", reference:\"0.99.20.1-0+squeeze5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"quagga-doc\", reference:\"0.99.20.1-0+squeeze5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"quagga\", reference:\"0.99.22.4-1+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"quagga-dbg\", reference:\"0.99.22.4-1+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"quagga-doc\", reference:\"0.99.22.4-1+wheezy1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:19", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the installation of Quagga listening on the remote host is potentially affected by a stack-based buffer overflow that occurs in the OSPF API server ('ospf_api.c') when it receives an LSA larger than 1488 bytes. \n\nThe vulnerability is only present when Quagga is compiled with the '--enable-opaque-lsa' flag and the OSPF API server is running (ospfd is run with the '-a' parameter). Exploitation of this issue may lead to a denial of service or arbitrary code execution.", "modified": "2018-11-15T00:00:00", "id": "QUAGGA_0_99_22_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70761", "published": "2013-11-05T00:00:00", "title": "Quagga < 0.99.22.2 OSPF API Buffer Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70761);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2013-2236\");\n script_bugtraq_id(60955);\n\n script_name(english:\"Quagga < 0.99.22.2 OSPF API Buffer Overflow\");\n script_summary(english:\"Check the version of Quagga\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service may be affected by a buffer overflow\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the installation of\nQuagga listening on the remote host is potentially affected by a\nstack-based buffer overflow that occurs in the OSPF API server\n('ospf_api.c') when it receives an LSA larger than 1488 bytes. \n\nThe vulnerability is only present when Quagga is compiled with the\n'--enable-opaque-lsa' flag and the OSPF API server is running (ospfd is\nrun with the '-a' parameter). Exploitation of this issue may lead to a\ndenial of service or arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html\");\n # http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=3f872fe60463a931c5c766dbf8c36870c0023e88\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9cfd7251\");\n script_set_attribute(attribute:\"see_also\", value:\"http://nongnu.askapache.com//quagga/quagga-0.99.22.3.changelog.txt\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 0.99.22.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/05\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:quagga:quagga\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"quagga_zebra_detect.nasl\");\n script_require_keys(\"Quagga/Installed\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp = \"Quagga Zebra\";\nkb = \"Quagga/\";\n\nport = get_kb_item_or_exit(kb + \"Installed\");\n\nkb += port + \"/\";\nbanner = get_kb_item_or_exit(kb + \"Banner\");\nver = get_kb_item_or_exit(kb + \"Version\");\n\nif (ver !~ \"^\\d+(\\.\\d+)*$\") audit(AUDIT_NONNUMERIC_VER, app, port, ver);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nfix = \"0.99.22.2\";\nif (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0) audit(AUDIT_LISTEN_NOT_VULN, app, port, ver);\n\nfullver = get_kb_item(kb + \"FullVersion\");\nif (isnull(fullver)) fullver = ver;\n\nreport = NULL;\nif (report_verbosity > 0)\n{\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + fullver +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\nsecurity_warning(port:port, extra:report);\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:16", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when\n\n --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. (CVE-2013-2236)", "modified": "2018-11-15T00:00:00", "id": "SOLARIS11_QUAGGA_20140721.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80753", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : quagga (cve_2013_2236_buffer_errors)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80753);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2013-2236\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : quagga (cve_2013_2236_buffer_errors)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Stack-based buffer overflow in the\n new_msg_lsa_change_notify function in the OSPFD API\n (ospf_api.c) in Quagga before 0.99.22.2, when\n\n --enable-opaque-lsa and the -a command line option are\n used, allows remote attackers to cause a denial of\n service (crash) via a large LSA. (CVE-2013-2236)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2013-2236-buffer-errors-vulnerability-in-quagga\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.17.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:quagga\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^quagga$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.17.0.5.0\", sru:\"SRU 11.1.17.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : quagga\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_note(port:0, extra:error_extra);\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"quagga\");\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:11", "bulletinFamily": "scanner", "description": "Updated quagga packages fix security vulnerability :\n\nRemotely exploitable buffer overflow in ospf_api.c and ospfclient.c when processing LSA messages in quagga before 0.99.22.2 (CVE-2013-2236).\n\nNote: We have worked around this vulnerability by disabling the ospf_api and ospfclient features, which did not provide useful functionality.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2013-254.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70521", "published": "2013-10-20T00:00:00", "title": "Mandriva Linux Security Advisory : quagga (MDVSA-2013:254)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:254. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70521);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2013-2236\");\n script_bugtraq_id(60955);\n script_xref(name:\"MDVSA\", value:\"2013:254\");\n\n script_name(english:\"Mandriva Linux Security Advisory : quagga (MDVSA-2013:254)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated quagga packages fix security vulnerability :\n\nRemotely exploitable buffer overflow in ospf_api.c and ospfclient.c\nwhen processing LSA messages in quagga before 0.99.22.2\n(CVE-2013-2236).\n\nNote: We have worked around this vulnerability by disabling the\nospf_api and ospfclient features, which did not provide useful\nfunctionality.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2013-0310.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64quagga0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:quagga-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64quagga-devel-0.99.20.1-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64quagga0-0.99.20.1-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"quagga-0.99.20.1-4.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"quagga-contrib-0.99.20.1-4.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:33", "bulletinFamily": "scanner", "description": "Fix for CVE-2013-6051\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-05T00:00:00", "id": "FEDORA_2013-23504.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71638", "published": "2013-12-27T00:00:00", "title": "Fedora 18 : quagga-0.99.21-6.fc18 (2013-23504)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23504.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71638);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:21\");\n\n script_cve_id(\"CVE-2013-6051\");\n script_bugtraq_id(63937);\n script_xref(name:\"FEDORA\", value:\"2013-23504\");\n\n script_name(english:\"Fedora 18 : quagga-0.99.21-6.fc18 (2013-23504)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2013-6051\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1043370\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125130.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15d0954b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"quagga-0.99.21-6.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:43", "bulletinFamily": "scanner", "description": "The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2014-279.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72297", "published": "2014-02-05T00:00:00", "title": "Amazon Linux AMI : quagga (ALAS-2014-279)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-279.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72297);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-6051\");\n script_xref(name:\"ALAS\", value:\"2014-279\");\n\n script_name(english:\"Amazon Linux AMI : quagga (ALAS-2014-279)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not\nproperly initialize the total variable, which allows remote attackers\nto cause a denial of service (bgpd crash) via a crafted BGP update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-279.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update quagga' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:quagga-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:quagga-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"quagga-0.99.21-6.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"quagga-contrib-0.99.21-6.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"quagga-debuginfo-0.99.21-6.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"quagga-devel-0.99.21-6.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-contrib / quagga-debuginfo / quagga-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:32", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the installation of Quagga's BGP daemon listening on the remote host is affected by a denial of service vulnerability. This issue exists due to a failure to properly initialize the packet's total size variable in the 'bgp_attr.c' source file. Normal, valid BGP update messages can trigger this issue.", "modified": "2018-11-15T00:00:00", "id": "QUAGGA_0_99_22.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71536", "published": "2013-12-19T00:00:00", "title": "Quagga 0.99.21 bgp_attr.c BGP Update DoS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71536);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2013-6051\");\n script_bugtraq_id(63937);\n\n script_name(english:\"Quagga 0.99.21 bgp_attr.c BGP Update DoS\");\n script_summary(english:\"Checks the version of Quagga\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service may be affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the installation of\nQuagga's BGP daemon listening on the remote host is affected by a denial\nof service vulnerability. This issue exists due to a failure to\nproperly initialize the packet's total size variable in the 'bgp_attr.c'\nsource file. Normal, valid BGP update messages can trigger this\nissue.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 0.99.22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"see_also\", value:\"https://savannah.nongnu.org/forum/forum.php?forum_id=7501\");\n # http://savannah.spinellicreations.com//quagga/quagga-0.99.22.changelog.txt\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?11e41901\");\n # http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4828438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:quagga:quagga\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"quagga_zebra_detect.nasl\");\n script_require_keys(\"Quagga/Installed\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp = \"Quagga Zebra\";\nkb = \"Quagga/\";\n\nport = get_kb_item_or_exit(kb + \"Installed\");\n\nkb += port + \"/\";\nbanner = get_kb_item_or_exit(kb + \"Banner\");\nver = get_kb_item_or_exit(kb + \"Version\");\n\nif (ver !~ \"^\\d+(\\.\\d+)*$\") audit(AUDIT_NONNUMERIC_VER, app, port, ver);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (ver == \"0.99.21\")\n{\n fix = \"0.99.22\";\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_note(port:port, extra:report);\n }\n else security_note(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app, port, ver);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:03", "bulletinFamily": "scanner", "description": "This update of quagga fixes two security issues :\n\n - specially crafted OSPF packets could have caused the routing table to be erased. (bnc#822572).\n (CVE-2013-0149)\n\n - local network stack overflow (bnc#828117).\n (CVE-2013-2236)", "modified": "2014-10-21T00:00:00", "id": "SUSE_11_QUAGGA-130822.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70020", "published": "2013-09-20T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : quagga (SAT Patch Numbers 8234 / 8235)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70020);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/10/21 15:11:22 $\");\n\n script_cve_id(\"CVE-2013-0149\", \"CVE-2013-2236\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : quagga (SAT Patch Numbers 8234 / 8235)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of quagga fixes two security issues :\n\n - specially crafted OSPF packets could have caused the\n routing table to be erased. (bnc#822572).\n (CVE-2013-0149)\n\n - local network stack overflow (bnc#828117).\n (CVE-2013-2236)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=828117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0149.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2236.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8234 / 8235 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"quagga-0.99.15-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"quagga-0.99.15-0.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:26:34", "bulletinFamily": "scanner", "description": "Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2342)\n\nIt was discovered that Quagga incorrectly handled messages with a large LSA when used in certain configurations. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-2236).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2941-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90188", "published": "2016-03-25T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : quagga vulnerabilities (USN-2941-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2941-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90188);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:40\");\n\n script_cve_id(\"CVE-2013-2236\", \"CVE-2016-2342\");\n script_xref(name:\"USN\", value:\"2941-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : quagga vulnerabilities (USN-2941-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Kostya Kortchinsky discovered that Quagga incorrectly handled certain\nroute data when configured with BGP peers enabled for VPNv4. A remote\nattacker could use this issue to cause Quagga to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2016-2342)\n\nIt was discovered that Quagga incorrectly handled messages with a\nlarge LSA when used in certain configurations. A remote attacker could\nuse this issue to cause Quagga to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-2236).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2941-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"quagga\", pkgver:\"0.99.20.1-0ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"quagga\", pkgver:\"0.99.22.4-3ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"quagga\", pkgver:\"0.99.24.1-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:29:52", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2017:0794 :\n\nAn update for quagga is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.\n\nSecurity Fix(es) :\n\n* A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)\n\n* A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)\n\n* A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash.\n(CVE-2017-5495)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "modified": "2018-07-24T00:00:00", "id": "ORACLELINUX_ELSA-2017-0794.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99073", "published": "2017-03-30T00:00:00", "title": "Oracle Linux 6 : quagga (ELSA-2017-0794)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0794 and \n# Oracle Linux Security Advisory ELSA-2017-0794 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99073);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2013-2236\", \"CVE-2016-1245\", \"CVE-2016-2342\", \"CVE-2016-4049\", \"CVE-2017-5495\");\n script_xref(name:\"RHSA\", value:\"2017:0794\");\n\n script_name(english:\"Oracle Linux 6 : quagga (ELSA-2017-0794)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0794 :\n\nAn update for quagga is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe quagga packages contain Quagga, the free network-routing software\nsuite that manages TCP/IP based protocols. Quagga supports the BGP4,\nBGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is\nintended to be used as a Route Server and Route Reflector.\n\nSecurity Fix(es) :\n\n* A stack-based buffer overflow flaw was found in the way Quagga\nhandled IPv6 router advertisement messages. A remote attacker could\nuse this flaw to crash the zebra daemon resulting in denial of\nservice. (CVE-2016-1245)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga\nBGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A\nremote attacker could use this flaw to crash the bgpd daemon resulting\nin denial of service. (CVE-2016-2342)\n\n* A denial of service flaw was found in the Quagga BGP routing daemon\n(bgpd). Under certain circumstances, a remote attacker could send a\ncrafted packet to crash the bgpd daemon resulting in denial of\nservice. (CVE-2016-4049)\n\n* A denial of service flaw affecting various daemons in Quagga was\nfound. A remote attacker could use this flaw to cause the various\nQuagga daemons, which expose their telnet interface, to crash.\n(CVE-2017-5495)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga\nOSPFD daemon handled LSA (link-state advertisement) packets. A remote\nattacker could use this flaw to crash the ospfd daemon resulting in\ndenial of service. (CVE-2013-2236)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006802.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected quagga packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:quagga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:quagga-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:quagga-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"quagga-0.99.15-14.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"quagga-contrib-0.99.15-14.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"quagga-devel-0.99.15-14.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"quagga / quagga-contrib / quagga-devel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:17", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nThe bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.\n\n \n**Affected Packages:** \n\n\nquagga\n\n \n**Issue Correction:** \nRun _yum update quagga_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n quagga-devel-0.99.21-6.12.amzn1.i686 \n quagga-contrib-0.99.21-6.12.amzn1.i686 \n quagga-0.99.21-6.12.amzn1.i686 \n quagga-debuginfo-0.99.21-6.12.amzn1.i686 \n \n src: \n quagga-0.99.21-6.12.amzn1.src \n \n x86_64: \n quagga-contrib-0.99.21-6.12.amzn1.x86_64 \n quagga-0.99.21-6.12.amzn1.x86_64 \n quagga-debuginfo-0.99.21-6.12.amzn1.x86_64 \n quagga-devel-0.99.21-6.12.amzn1.x86_64 \n \n \n", "modified": "2014-09-16T22:19:00", "published": "2014-09-16T22:19:00", "id": "ALAS-2014-279", "href": "https://alas.aws.amazon.com/ALAS-2014-279.html", "title": "Medium: quagga", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:19", "bulletinFamily": "unix", "description": "Kostya Kortchinsky discovered that Quagga incorrectly handled certain route data when configured with BGP peers enabled for VPNv4. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2342)\n\nIt was discovered that Quagga incorrectly handled messages with a large LSA when used in certain configurations. A remote attacker could use this issue to cause Quagga to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-2236)", "modified": "2016-03-24T00:00:00", "published": "2016-03-24T00:00:00", "id": "USN-2941-1", "href": "https://usn.ubuntu.com/2941-1/", "title": "Quagga vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:22", "bulletinFamily": "unix", "description": "### Background\n\nQuagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause arbitrary code execution or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Quagga users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/quagga-0.99.22.4\"", "modified": "2013-10-10T00:00:00", "published": "2013-10-10T00:00:00", "id": "GLSA-201310-08", "href": "https://security.gentoo.org/glsa/201310-08", "type": "gentoo", "title": "Quagga: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:40:52", "bulletinFamily": "unix", "description": "The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.\n\nSecurity Fix(es):\n\n* A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)\n\n* A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)\n\n* A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "modified": "2018-06-07T18:23:16", "published": "2017-03-21T10:17:51", "id": "RHSA-2017:0794", "href": "https://access.redhat.com/errata/RHSA-2017:0794", "type": "redhat", "title": "(RHSA-2017:0794) Moderate: quagga security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:31", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2017:0794\n\n\nThe quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.\n\nSecurity Fix(es):\n\n* A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)\n\n* A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)\n\n* A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)\n\n* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-March/003917.html\n\n**Affected packages:**\nquagga\nquagga-contrib\nquagga-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0794.html", "modified": "2017-03-24T15:42:29", "published": "2017-03-24T15:42:29", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003917.html", "id": "CESA-2017:0794", "title": "quagga security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:23", "bulletinFamily": "unix", "description": "[0.99.15-14]\n- Resolves: #1416013 - CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory\n[0.99.15-13]\n- fix path of ripd pid file (#842308)\n[0.99.15-12]\n- fix start() function in watchqugga initscript (#862826, #1208617)\n[0.99.15-11]\n- fix for CVE-2013-2236 (#1391918)\n- fix for CVE-2016-1245 (#1391914)\n- fix for CVE-2016-2342 (#1391916)\n- fix for CVE-2016-4049 (#1391919)\n[0.99.15-11]\n- ospf6d: Fix crash when '[no] ipv6 ospf6 advertise prefix-list' is in startup-config (#770731)\n[0.99.15-10]\n- add watchquagga initscript (#862826, #1208617)\n- remove pidfile when service is stopped (#842308)\n- use QCONFDIR correctly in initscripts (#839620)\n- include watchquagga and ospfclient manpages (#674862)\n[0.99.15-9]\n- improve fix for CVE-2011-3325\n[0.99.15-8]\n- fix CVE-2011-3323\n- fix CVE-2011-3324\n- fix CVE-2011-3325\n- fix CVE-2011-3326\n- fix CVE-2011-3327\n- fix CVE-2012-0255\n- fix CVE-2012-0249 and CVE-2012-0250\n- fix CVE-2012-1820", "modified": "2017-03-27T00:00:00", "published": "2017-03-27T00:00:00", "id": "ELSA-2017-0794", "href": "http://linux.oracle.com/errata/ELSA-2017-0794.html", "title": "quagga security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
