Otkriven je sigurnosni propust u programskom paketu quagga kojeg udaljeni napadači mogu iskoristiti za DoS napad i pokretanje proizvoljnog programskog koda.
Paket:
quagga 0.x
Operacijski sustavi:
SUSE 10, SUSE 11, SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Desktop 11, SUSE Linux Enterprise Server (SLES) 9, SUSE Linux Enterprise Server (SLES) 10, SUSE Linux Enterprise Server (SLES) 11
Kritičnost:
6.5
Problem:
neodgovarajuća provjera ulaznih podataka, pogreška u programskoj funkciji, preljev međuspremnika
Propusti su otkriveni u funkcijama "ospf6_lsa_is_changed" i "ecommunity_ecom2str" te u datotekama "ospf_packet.c" i "ospf_flood.c". Neki od propusta se očituju kao preljev međuspremnika.
Posljedica:
Udaljeni napadač može iskoristiti spomenute nedostatke slanjem posebno oblikovanih mrežnih paketa čime dobiva mogućnost izvođenja DoS napada ili pokretanja proizvoljnog programskog koda.
Rješenje:
Svim korisnicima se savjetuje korištenje programske nadogradnje koja otklanja opisane propuste.
SUSE Security Update: Security update for quagga
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:1171-1
Rating: important
References: #718056 #718058 #718059 #718061 #718062
Cross-References: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325
CVE-2011-3326 CVE-2011-3327
Affected Products:
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update fixes the following security issues in quagga:
* 718056: OSPF6D buffer overflow while decoding Link
State Update with Inter Area Prefix Lsa (CVE-2011-3323)
* 718058: OSPF6D DoS while decoding Database
Description packet (CVE-2011-3324)
* 718059: OSPFD DoS while decoding Hello packet
(CVE-2011-3325)
* 718061: OSPFD DoS while decoding Link State Update
(CVE-2011-3326)
* 718062: DoS while decoding EXTENDED_COMMUNITIES in
Quagga's BGP (CVE-2011-3327)
Security Issue references:
* CVE-2011-3323
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3323
>
* CVE-2011-3324
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3324
>
* CVE-2011-3325
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3325
>
* CVE-2011-3326
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3326
>
* CVE-2011-3327
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3327
>
Indications:
Please install this update.
Package List:
References:
http://support.novell.com/security/cve/CVE-2011-3323.html
http://support.novell.com/security/cve/CVE-2011-3324.html
http://support.novell.com/security/cve/CVE-2011-3325.html
http://support.novell.com/security/cve/CVE-2011-3326.html
http://support.novell.com/security/cve/CVE-2011-3327.html
https://bugzilla.novell.com/718056
https://bugzilla.novell.com/718058
https://bugzilla.novell.com/718059
https://bugzilla.novell.com/718061
https://bugzilla.novell.com/718062
http://download.novell.com/patch/finder/?keywords=b0427e8239de7b04885a01efa30e0599
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke