CVE-2010-2948

Опубликовано: 19 авг. 2010

Источник: redhat

CVSS2: 5.4

Описание

Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.

Отчет

This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata A future update in Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5 may address this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 3	quagga	Affected
Red Hat Enterprise Linux 4	quagga	Fixed	RHSA-2010:0785	20.10.2010
Red Hat Enterprise Linux 5	quagga	Fixed	RHSA-2010:0785	20.10.2010
Red Hat Enterprise Linux 6	quagga	Fixed	RHSA-2010:0945	06.12.2010

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=626783(bgpd): Stack buffer overflow by processing certain Route-Refresh messages

5.4 Medium

CVSS2

Связанные уязвимости

CVE-2010-2948

ubuntu

почти 15 лет назад

CVE-2010-2948

nvd

почти 15 лет назад

CVE-2010-2948

debian

почти 15 лет назад

Stack-based buffer overflow in the bgp_route_refresh_receive function ...

GHSA-q48q-864h-7c7w

github

около 3 лет назад

ELSA-2010-0945

oracle-oval

больше 14 лет назад

ELSA-2010-0945: quagga security update (MODERATE)

5.4 Medium

CVSS2