Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-3654-1 quagga -- security update

Related Vulnerabilities: CVE-2016-4036   CVE-2016-4049  

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. CVE-2016-4036 Tamás Németh discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance handling many peers could be crashed by a malicious user when requesting a route dump. For the stable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u2. We recommend that you upgrade your quagga packages.

Source

Debian Security Advisory

DSA-3654-1 quagga -- security update

Date Reported:
26 Aug 2016
Affected Packages:
quagga
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 822787, Bug 835223.
In Mitre's CVE dictionary: CVE-2016-4036, CVE-2016-4049, CVE-2016-4036, CVE-2016-4049.
More information:

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon.

  • CVE-2016-4036

    Tamás Németh discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information.

  • CVE-2016-4049

    Evgeny Uskov discovered that a bgpd instance handling many peers could be crashed by a malicious user when requesting a route dump.

For the stable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u2.

We recommend that you upgrade your quagga packages.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started