Vulnerability category: RedHat
Vulnerability severity:
Vulnerability information
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols.
A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)
A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)
A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)
A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)
A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)
Impact
A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)
A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)
A remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)
A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)
A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)
Solution
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2017:0794 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities: