CVE-2011-3323
published 2011-10-10
CVE-2011-3323: The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon…
Priority P4 · 24 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS 4.67% (90.6th percentile)
The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quagga | quagga | <= 0.99.18 | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat · 5.0 MEDIUM
vendor_ubuntu · 5.0 MEDIUM
Ubuntu
Quagga vulnerabilities
vendor_ubuntu·2011-11-14·CVSS 5.0
CVE-2011-3325 [MEDIUM] Quagga vulnerabilities
Title: Quagga vulnerabilities
Summary: Quagga could be made to crash or run programs if it received specially
crafted network traffic.
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga
incorrectly handled Link State Update messages with invalid lengths. A
remote attacker could use this flaw to cause Quagga to crash, resulting in
a denial of service. (CVE-2011-3323)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga
incorrectly handled certain IPv6 Database Description messages. A remote
attacker could use this flaw to cause Quagga to crash, resulting in a
denial of service. (CVE-2011-3324)
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto discovered that Quagga
incorrectly handled certain IPv4 packets. A remote attacker could use this
flaw to c
Red Hat
(ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
vendor_redhat·2011-09-26·CVSS 5.0
CVE-2011-3323 [MEDIUM] CWE-121 (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.
Package: quagga (Red Hat Enterprise Linux 4) - Affected
GHSA
GHSA-rj3r-354g-32cw: The OSPFv3 implementation in ospf6d in Quagga before 0
ghsa_unreviewed·2022-05-14
CVE-2011-3323 [MEDIUM] CWE-119 GHSA-rj3r-354g-32cw: The OSPFv3 implementation in ospf6d in Quagga before 0
The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 quagga various flaws [fedora-all]
bugzilla·2011-09-26·CVSS 5.0
CVE-2011-3323 [MEDIUM] CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 quagga various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=738393
Please note
Bugzilla
CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
bugzilla·2011-09-14·CVSS 5.0
CVE-2011-3323 [MEDIUM] CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
A stack-based buffer overflow flaw was found in the way the ospf6d daemon of the Quagga routing suite processed certain Link State Update packets with malformed Inter Area Prefix Link-State-Advertisement (LSA). A configured OSPF peer could use this flaw to cause the master OSPF daemon (ospf6d) to crash, or, potentially, execute arbitrary code with the privileges of the user running the ospf6d via a specially-crafted OSPF Link State Update packet.
Discussion:
This issue affects the versions of the quagga package, as shipped with Red Hat Enterprise Linux 4, 5, and 6.
--
This issue affects the versions of the quagga package, as shipped with Fedora release of 14
http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=abc7ef44ca05493500865ce81f7b84f5c4eb6594
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
http://rhn.redhat.com/errata/RHSA-2012-1258.html
http://rhn.redhat.com/errata/RHSA-2012-1259.html
http://secunia.com/advisories/46139
http://secunia.com/advisories/46274
http://secunia.com/advisories/48106
http://security.gentoo.org/glsa/glsa-201202-02.xml
http://www.debian.org/security/2011/dsa-2316
http://www.kb.cert.org/vuls/id/668534
http://www.quagga.net/download/quagga-0.99.19.changelog.txt
https://www.cert.fi/en/reports/2011/vulnerability539178.html
Published: 2011-10-10