Quagga vulnerabilities

2010-12-0700:00:00

ubuntu.com

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.182 Low

EPSS

Percentile

96.2%

JSON

Releases

Ubuntu 10.04
Ubuntu 9.10
Ubuntu 8.04
Ubuntu 6.06

Packages

quagga -

Details

It was discovered that Quagga incorrectly handled certain Outbound Route
Filtering (ORF) records. A remote authenticated attacker could use this
flaw to cause a denial of service or potentially execute arbitrary code.
The default compiler options for Ubuntu 8.04 LTS and later should reduce
the vulnerability to a denial of service. (CVE-2010-2948)

It was discovered that Quagga incorrectly parsed certain AS paths. A remote
attacker could use this flaw to cause Quagga to crash, resulting in a
denial of service. (CVE-2010-2949)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchquagga< 0.99.13-1ubuntu0.1UNKNOWN
Ubuntu8.04noarchquagga< 0.99.9-2ubuntu1.4UNKNOWN
Ubuntu6.06noarchquagga< 0.99.2-1ubuntu3.7UNKNOWN
Ubuntu10.04noarchquagga< 0.99.15-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.10	noarch	quagga	< 0.99.13-1ubuntu0.1	UNKNOWN
Ubuntu	8.04	noarch	quagga	< 0.99.9-2ubuntu1.4	UNKNOWN
Ubuntu	6.06	noarch	quagga	< 0.99.2-1ubuntu3.7	UNKNOWN
Ubuntu	10.04	noarch	quagga	< 0.99.15-1ubuntu0.1	UNKNOWN