
Test ID: 1.3.6.1.4.1.25623.1.0.871784
Category: Red Hat Local Security Checks
Title: RedHat Update for quagga RHSA-2017:0794-01
Summary: The remote host is missing an update for the 'quagga' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'quagga'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The quagga packages contain Quagga, the
free network-routing software suite that manages TCP/IP based protocols. Quagga
supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and
is intended to be used as a Route Server and Route Reflector.

Security Fix(es):

* A stack-based buffer overflow flaw was found in the way Quagga handled
IPv6 router advertisement messages. A remote attacker could use this flaw
to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)

* A stack-based buffer overflow flaw was found in the way the Quagga BGP
routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote
attacker could use this flaw to crash the bgpd daemon resulting in denial
of service. (CVE-2016-2342)

* A denial of service flaw was found in the Quagga BGP routing daemon
(bgpd). Under certain circumstances, a remote attacker could send a crafted
packet to crash the bgpd daemon resulting in denial of service.
(CVE-2016-4049)

* A denial of service flaw affecting various daemons in Quagga was found. A
remote attacker could use this flaw to cause the various Quagga daemons,
which expose their telnet interface, to crash. (CVE-2017-5495)

* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD
daemon handled LSA (link-state advertisement) packets. A remote attacker
could use this flaw to crash the ospfd daemon resulting in denial of
service. (CVE-2013-2236)

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9
Technical Notes linked from the References section.

Affected Software/OS:
quagga on Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2236
BugTraq ID: 60955
http://www.securityfocus.com/bid/60955
Debian Security Information: DSA-2803
http://www.debian.org/security/2013/dsa-2803
http://seclists.org/oss-sec/2013/q3/24
http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html
RedHat Security Advisories: RHSA-2017:0794
http://rhn.redhat.com/errata/RHSA-2017-0794.html
http://www.ubuntu.com/usn/USN-2941-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1245
BugTraq ID: 93775
http://www.securityfocus.com/bid/93775
Debian Security Information: DSA-3695
https://www.debian.org/security/2016/dsa-3695
https://security.gentoo.org/glsa/201701-48
Common Vulnerability Exposure (CVE) ID: CVE-2016-2342
BugTraq ID: 84318
http://www.securityfocus.com/bid/84318
CERT/CC vulnerability note: VU#270232
http://www.kb.cert.org/vuls/id/270232
Debian Security Information: DSA-3532
http://www.debian.org/security/2016/dsa-3532
https://security.gentoo.org/glsa/201610-03
SuSE Security Announcement: openSUSE-SU-2016:0863
http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html
SuSE Security Announcement: openSUSE-SU-2016:0888
http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4049
BugTraq ID: 88561
http://www.securityfocus.com/bid/88561
Debian Security Information: DSA-3654
http://www.debian.org/security/2016/dsa-3654
http://www.openwall.com/lists/oss-security/2016/04/27/7
https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html
http://www.securitytracker.com/id/1035699
SuSE Security Announcement: openSUSE-SU-2016:1313
http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-5495
BugTraq ID: 95745
http://www.securityfocus.com/bid/95745
http://www.securitytracker.com/id/1037688
Copyright: Copyright (C) 2017 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.