oss-sec mailing list archives

CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 13 Nov 2012 09:48:59 -0500 (EST)

Hello Kurt, Steve, vendors,

  Marco d'Itri in Debian bug [1] has reported the following deficiency,
being present in 0.99.21 and possibly earlier versions of the Quagga 
routing suite:

A denial of service flaw was found in the way Quagga's ospf6d daemon
performed routes removal. In certain circumstances when removing the
route the ospf6d daemon terminated with assertion failure when trying
to determine / find, which route to remove. An OSPF6 router could use
this flaw to cause ospf6d on an adjacent router to abort.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102
[2] https://bugzilla.redhat.com/show_bug.cgi?id=876197

Upstream bug report:
[3] https://bugzilla.quagga.net/show_bug.cgi?id=747

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Jan Lieskovsky (Nov 13)
- Re: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Kurt Seiifried (Nov 13)