oss-sec mailing list archives
Re: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)
From: Kurt Seiifried <kseifried () redhat com>
Date: Tue, 13 Nov 2012 11:27:27 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/13/2012 07:48 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors, Marco d'Itri in Debian bug [1] has reported the following deficiency, being present in 0.99.21 and possibly earlier versions of the Quagga routing suite: A denial of service flaw was found in the way Quagga's ospf6d daemon performed routes removal. In certain circumstances when removing the route the ospf6d daemon terminated with assertion failure when trying to determine / find, which route to remove. An OSPF6 router could use this flaw to cause ospf6d on an adjacent router to abort. References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102 [2] https://bugzilla.redhat.com/show_bug.cgi?id=876197 Upstream bug report: [3] https://bugzilla.quagga.net/show_bug.cgi?id=747 Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Please use CVE-2012-5521 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQopEPAAoJEBYNRVNeJnmT5fQP/0T4SrIhya2QCMKB6xwXh2A3 g15i+A2X0ToXLDgUpnMlJPUbQMSRKvncm+prkHUJNsDxP6KW/hzMj/lsFGfdxsda drGePasJJNJUT0f1Z2g8IXNfy1iUq3ZnjAFpwbd93iR/iRclDvNPhC5813XOr37G ozpR4E4K+7Uf2GUvPAHwbTsgYeCQwnOzWZ3wIet9+Ej1vaEqRuXra3XmSnLAPiRp RTZb6A4TROnc/+KLRI8JHH5AZUSNODJClG00sewI8CVSEp+EtbRRljntzzRVlqOJ OXqITx5F5a+Su1S93dlRCoj4GJlPOJ9ALZ74+9RxmBFmR/ApE+uVUqZmIlJbvK73 sAUBEvvV8yymP6WoaamA/UP8HcICATvjjdQe+I5fgCiFLxOU2z2vVkNuOdNZNwom iDGnnckWVEfjy9uRPAf7ubybCAMyY54pMZP2YHOwEzCaH7p74G3Pgv52DtGnQqU6 ADSJPp0Sc6R0/QyqCbnSyksdPw/gAUWEbAZvlct63o2k+tENii3DjN8oz7bd4dsB afIuUqXbV+/1ta/6fkduY6Hir5gOyBXkh9KNg84FM6aa1sYgLGuxzVb1OOxXzXd8 dsc6nahjFM98n80yx5InFKgyEcGr9BEzEWjn3dqKtagEyr5X3RjeFEabTlojYZIS sMvb3K2PDbLv/+TJ2NIG =S1si -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Jan Lieskovsky (Nov 13)
- Re: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Kurt Seiifried (Nov 13)