oss-sec mailing list archives

Re: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 13 Nov 2012 11:27:27 -0700


On 11/13/2012 07:48 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors,

Marco d'Itri in Debian bug [1] has reported the following
deficiency, being present in 0.99.21 and possibly earlier versions
of the Quagga routing suite:

A denial of service flaw was found in the way Quagga's ospf6d
daemon performed route removal. In certain circumstances, when
removing the route, the ospf6d daemon terminated with an assertion
failure when trying to determine / find which route to remove. An
OSPF6 router could use this flaw to cause ospf6d on an adjacent
router to abort.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102
[2] https://bugzilla.redhat.com/show_bug.cgi?id=876197

Upstream bug report:
[3] https://bugzilla.quagga.net/show_bug.cgi?id=747

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


Please use CVE-2012-5521 for this issue.


--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

