CVE-2016-4036

Published: 18/04/2016 | Updated: 30/10/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The quagga package prior to 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.

Vulnerable Product

opensuse leap 42.1

opensuse opensuse 13.2

Vendor Advisories

Several security issues were fixed in Quagga ...
Debian Bug report logs - #822787: quagga: CVE-2016-4049: Missing size check in bgp_dump_routes_func in bgpd/bgp_dump.c allowing DoS. Package: src:quagga; Maintainer for src:quagga is Brett Parker <iDunno@sommitrealweird.co.uk>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 27 Apr 2016 14:06:02 UTC; Se ...
Debian Bug report logs - #835223: quagga: CVE-2016-4036. Package: src:quagga; Maintainer for src:quagga is Brett Parker <iDunno@sommitrealweird.co.uk>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 23 Aug 2016 16:30:10 UTC; Severity: important; Tags: security; Found in versions quagga/0.99.22.4-1, quag ...
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. CVE-2016-4036: Tamás Németh discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. CVE-2016-4049: Evgeny Uskov discovered that a bgpd instance handling many peers could be cras ...
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory ...