oss-sec mailing list archives

Re: CVE request: Quagga OSPF-API stack overrun

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 03 Jul 2013 20:06:28 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/03/2013 03:14 PM, David Lamparter wrote:

Hi,

I guess I need a CVE number for this, we've discovered a local
network exploitable stack overrun in Quagga's ospfd.

Reference: 
http://lists.quagga.net/pipermail/quagga-dev/2013-July/010621.html

Cheers,

-David (Quagga maintainer)


Please use CVE-2013-2236  for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR1NikAAoJEBYNRVNeJnmTAG4QANY+YzJfkiSoHeuAg7sjlJvt
iEYl7tGVg3eejA18SrqiBtFv9/QT+8gyvHStlAO8VK/nVwIB1vuH8zbLMDq/77rg
c94f/NCfUk6LNDhOx8HrjX6hDmrYpJZ3wAF+8cuu2iIew04Bpov2O1VMyWqisshM
N4zo2cYKObeqlnVjMr8Nq42A11Jk99vXq2QTRDX3IKiZDFKLThue+G4gG25ffGUD
Rf1vFY99ctcNbNai+CaujkdO+JnlM6t3Na4mK/1RD/ZAqjtLoAHQyJdCmO72dKe6
K3Ew2z9NcD4tA0IJ6MsF+HbMKdRLxXN89aI95/McKjTxhcImDwVGyOVNCQYfs00E
y5OKUASrfHauQkvdHfbQ3toeCaYe8pJB+87PBlqq5DWE0QXFqXcqdRoB43m+K1/z
mvQW8zvlg0VZaozScM9xeVNoRWwHSk+biMCixkbCydb915VKGVCWmAIYIKoTjEQd
8wEH7rq8W42lgZ/rPhK7bErPbRIIhSQPGgi1PVB6BoImbDx0wrWoauaXaW3zqgSl
kHszTObV3atTCmAEUzIjYk6rod3mLzl8zvVqfaW9yXfaihBmjJpWuv0jRrmLb5iP
dq/30TF4rLD2D3liwDocerzDSP8T4Mhd5/BcU/VvQmdKCCR2U7B8Y1rhaxpW4/Aa
1G5X8ZlaG7HNSdV10VWG
=/ILj
-----END PGP SIGNATURE-----

Current thread:

CVE request: Quagga OSPF-API stack overrun David Lamparter (Jul 03)
- Re: CVE request: Quagga OSPF-API stack overrun Kurt Seifried (Jul 03)