CVE-2016-1245
Published 2017-02-22
Priority P352 · critical · 9.8 (CVSS 3.0)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.66% (88.2th percentile)
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| quagga | quagga | <= 1.0.20160315 | — |
| quagga | quagga | >= 0 < 0.99.22.4-3ubuntu1.3 | 0.99.22.4-3ubuntu1.3 |
| quagga | quagga | >= 0 < 0.99.24.1-2ubuntu1.2 | 0.99.24.1-2ubuntu1.2 |
CVSS provenance
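| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |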
GHSA
GHSA-578j-w5r9-87q8
ghsa_unreviewed·2022-05-14
CVE-2016-1245 [CRITICAL] CWE-119
OSV
CVE-2016-1245 [CRITICAL]
osv·2016-10-18·CVSS 9.8
Ubuntu
CVE-2016-1245 Quagga vulnerability
vendor_ubuntu·2016-10-25
Summary: Quagga could be made to crash if it received specially crafted network traffic.
David Lamparter discovered that Quagga incorrectly handled certain IPv6 router advertisements. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.
Instructions: After a standard system update you need to restart Quagga to make all the necessary changes.
Red Hat
quagga: Buffer Overflow in IPv6 RA handling
vendor_redhat·2016-10-18·CVSS 9.8
CVE-2016-1245 [CRITICAL] CWE-121
A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service.
Package: quagga (Red Hat Enterprise Linux 5) - Will not fix
Package: quagga (Red Hat Enterprise Linux 7) - Will not fix
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-1245 [CRITICAL] quagga: Buffer Overflow in IPv6 RA handling
bugzilla·2016-10-18·CVSS 9.8
A buffer overflow exists in the IPv6 (Router Advertisement) code in Zebra. The issue can be triggered on an IPv6 address where the Quagga daemon is reachable by an RA (Router Advertisement) or IPv6 ICMP message. The issue leads to a crash of the zebra daemon. In specific circumstances this vulnerability may allow remote code execution.
Upstream patch:
https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
References:
http://www.gossamer-threads.com/lists/quagga/users/31952
Workarounds:
Disable IPv6 neighbor discovery announcements on all interfaces ("ipv6 nd suppress-ra" configured under all interfaces). Make sure to have it disabled on ALL interfaces.
Discussion:
Created quagga tracking bugs for thi
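One way to audit the workaround listed above, as an added example that is not part of the bug report or of Quagga itself: the script reads a zebra.conf-style file and reports every interface that lacks an explicit `ipv6 nd suppress-ra`. The sample configuration and interface names are constructed, and the parser assumes interface sub-commands are indented under `interface NAME`.

```python
import re
import sys

# Constructed sample in zebra.conf syntax (addresses are documentation prefixes).
SAMPLE_CONF = """\
interface eth0
 ipv6 nd suppress-ra
!
interface eth1
 no ipv6 nd suppress-ra
 ipv6 nd prefix 2001:db8:2::/64
!
interface eth2
 ipv6 address 2001:db8:3::1/64
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")

def audit_suppress_ra(conf_text):
    """Map each interface to 'suppressed', 'enabled' or 'unset'.
    Assumes sub-commands are indented under 'interface NAME'; the last
    matching line wins. 'unset' depends on the build default, so it is
    reported instead of being treated as safe (assumption of this example)."""
    states, current = {}, None
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith(("!", "#")):
            continue                      # blank line or comment
        m = IFACE_RE.match(raw)
        if m:
            current = m.group(1)
            states.setdefault(current, "unset")
        elif not raw[0].isspace():
            current = None                # another top-level command ends the stanza
        elif current is not None:
            cmd = " ".join(raw.split())   # normalise whitespace before comparing
            if cmd == "ipv6 nd suppress-ra":
                states[current] = "suppressed"
            elif cmd == "no ipv6 nd suppress-ra":
                states[current] = "enabled"
    return states

def not_suppressed(conf_text):
    # Interfaces where the workaround still has to be applied or confirmed.
    return sorted(n for n, s in audit_suppress_ra(conf_text).items() if s != "suppressed")

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for name, state in sorted(audit_suppress_ra(text).items()):
        print(f"{name}: {state}")
```

An empty result from `not_suppressed` only shows that the configuration file carries the workaround on every interface it declares; interfaces created at runtime and absent from the file are not covered.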
Bugzilla
CVE-2016-1245 [CRITICAL] quagga: Buffer Overflow in IPv6 RA handling [fedora-all]
bugzilla·2016-10-18·CVSS 9.8
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2016-2316 [MEDIUM] asterisk: File descriptor exhaustion in chan_sip (AST-2016-002)
bugzilla·2016-02-04·CVSS 5.9
It was reported that setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors.
External Reference:
http://downloads.asterisk.org/pub/security/AST-2016-002.html
http://seclists.org/bugtraq/2016/Feb/28
Discussion:
Created asterisk tracking bugs for this issue:
Affects: fedora-all [bug 1304671]
Affects: epel-6 [bug 1304672]
---
I've updated Rawhide to upstream release 13.7.1, which corrects this issue (as well as two other reported security issues).
Once the build finishes in Rawhide, I'll push to f23 and f22
References
http://rhn.redhat.com/errata/RHSA-2017-0794.html
http://www.gossamer-threads.com/lists/quagga/users/31952
http://www.securityfocus.com/bid/93775
https://bugzilla.redhat.com/show_bug.cgi?id=1386109
https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
https://security.gentoo.org/glsa/201701-48
https://www.debian.org/security/2016/dsa-3695