CVE-2010-2948
published 2010-09-10CVE-2010-2948: Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to…
PriorityP334medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EPSS
4.04%
89.3th percentile
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quagga | quagga | <= 0.99.16 | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
CVSS provenance
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat6.5MEDIUM
vendor_ubuntu6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q48q-864h-7c7w: Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet
ghsa_unreviewed·2022-05-14
CVE-2010-2948 [MEDIUM] CWE-119 GHSA-q48q-864h-7c7w: Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
Ubuntu
Quagga vulnerabilities
vendor_ubuntu·2010-12-07·CVSS 6.5
CVE-2010-2948 [MEDIUM] Quagga vulnerabilities
Title: Quagga vulnerabilities
It was discovered that Quagga incorrectly handled certain Outbound Route
Filtering (ORF) records. A remote authenticated attacker could use this
flaw to cause a denial of service or potentially execute arbitrary code.
The default compiler options for Ubuntu 8.04 LTS and later should reduce
the vulnerability to a denial of service. (CVE-2010-2948)
It was discovered that Quagga incorrectly parsed certain AS paths. A remote
attacker could use this flaw to cause Quagga to crash, resulting in a
denial of service. (CVE-2010-2949)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
(bgpd): Stack buffer overflow by processing certain Route-Refresh messages
vendor_redhat·2010-08-19·CVSS 6.5
CVE-2010-2948 [MEDIUM] CWE-121 (bgpd): Stack buffer overflow by processing certain Route-Refresh messages
(bgpd): Stack buffer overflow by processing certain Route-Refresh messages
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
Statement: This issue is not planned to be fixed in Red Hat Enterprise Linux 3
due to this product being in Production 3 of its maintenance
life-cycle, where only qualified security errata of important and
critical impact are addressed.
For further information about the Errata Support Policy, visit:
http://www.redhat.com/security/updates/errata
A future update in Red Hat Enterprise Linux 4 and
Red
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2948 CVE-2010-2949 quagga various flaws [fedora-all]
bugzilla·2010-08-31·CVSS 6.5
CVE-2010-2948 [MEDIUM] CVE-2010-2948 CVE-2010-2949 quagga various flaws [fedora-all]
CVE-2010-2948 CVE-2010-2949 quagga various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=626783
Please note: this issue affects multiple supported ve
Bugzilla
CVE-2010-2948 Quagga (bgpd): Stack buffer overflow by processing certain Route-Refresh messages
bugzilla·2010-08-24·CVSS 6.5
CVE-2010-2948 [MEDIUM] CVE-2010-2948 Quagga (bgpd): Stack buffer overflow by processing certain Route-Refresh messages
CVE-2010-2948 Quagga (bgpd): Stack buffer overflow by processing certain Route-Refresh messages
A stack buffer overflow flaw was found in the way Quagga's bgpd daemon
processed Route-Refresh messages. A configured Border Gateway Protocol
(BGP) peer could send a Route-Refresh message with specially-crafted
Outbound Route Filtering (ORF) record, which would cause the master BGP
daemon (bgpd) to crash or, possibly, execute arbitrary code with the
privileges of the user running bgpd.
Upstream changeset:
[1] http://code.quagga.net/?p=quagga.git;a=commit;h=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3
References:
[2] http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100
CVE request:
[3] http://www.openwall.com/lists/oss-security/2010/08/24/3
Discussion:
This issue affects the versions of
http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.htmlhttp://secunia.com/advisories/41038http://secunia.com/advisories/41238http://secunia.com/advisories/42397http://secunia.com/advisories/42446http://secunia.com/advisories/42498http://secunia.com/advisories/48106http://security.gentoo.org/glsa/glsa-201202-02.xmlhttp://www.debian.org/security/2010/dsa-2104http://www.mandriva.com/security/advisories?name=MDVSA-2010:174http://www.openwall.com/lists/oss-security/2010/08/24/3http://www.openwall.com/lists/oss-security/2010/08/25/4http://www.quagga.net/news2.php?y=2010&m=8&d=19http://www.redhat.com/support/errata/RHSA-2010-0785.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0945.htmlhttp://www.securityfocus.com/bid/42635http://www.ubuntu.com/usn/USN-1027-1http://www.vupen.com/english/advisories/2010/2304http://www.vupen.com/english/advisories/2010/3097http://www.vupen.com/english/advisories/2010/3124https://bugzilla.redhat.com/show_bug.cgi?id=626783http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.htmlhttp://secunia.com/advisories/41038http://secunia.com/advisories/41238http://secunia.com/advisories/42397http://secunia.com/advisories/42446http://secunia.com/advisories/42498http://secunia.com/advisories/48106http://security.gentoo.org/glsa/glsa-201202-02.xmlhttp://www.debian.org/security/2010/dsa-2104http://www.mandriva.com/security/advisories?name=MDVSA-2010:174http://www.openwall.com/lists/oss-security/2010/08/24/3http://www.openwall.com/lists/oss-security/2010/08/25/4http://www.quagga.net/news2.php?y=2010&m=8&d=19http://www.redhat.com/support/errata/RHSA-2010-0785.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0945.htmlhttp://www.securityfocus.com/bid/42635http://www.ubuntu.com/usn/USN-1027-1http://www.vupen.com/english/advisories/2010/2304http://www.vupen.com/english/advisories/2010/3097http://www.vupen.com/english/advisories/2010/3124https://bugzilla.redhat.com/show_bug.cgi?id=626783
2010-09-10
Published