ID de Prueba:	1.3.6.1.4.1.25623.1.0.68026
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:174 (quagga)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to quagga announced via advisory MDVSA-2010:174. Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message (CVE-2010-2948). bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message (CVE-2010-2949). Updated packages are available that bring Quagga to version 0.99.17 which provides numerous bugfixes over the previous 0.99.12 version, and also corrects these issues. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:174 Risk factor : High CVSS Score: 6.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2948 41038 http://secunia.com/advisories/41038 41238 http://secunia.com/advisories/41238 42397 http://secunia.com/advisories/42397 42446 http://secunia.com/advisories/42446 42498 http://secunia.com/advisories/42498 42635 http://www.securityfocus.com/bid/42635 48106 http://secunia.com/advisories/48106 ADV-2010-2304 http://www.vupen.com/english/advisories/2010/2304 ADV-2010-3097 http://www.vupen.com/english/advisories/2010/3097 ADV-2010-3124 http://www.vupen.com/english/advisories/2010/3124 DSA-2104 http://www.debian.org/security/2010/dsa-2104 GLSA-201202-02 http://security.gentoo.org/glsa/glsa-201202-02.xml MDVSA-2010:174 http://www.mandriva.com/security/advisories?name=MDVSA-2010:174 RHSA-2010:0785 http://www.redhat.com/support/errata/RHSA-2010-0785.html RHSA-2010:0945 http://www.redhat.com/support/errata/RHSA-2010-0945.html SUSE-SR:2010:022 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html SUSE-SU-2011:1316 http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html USN-1027-1 http://www.ubuntu.com/usn/USN-1027-1 [oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request http://www.openwall.com/lists/oss-security/2010/08/24/3 [oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request http://www.openwall.com/lists/oss-security/2010/08/25/4 http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3 http://www.quagga.net/news2.php?y=2010&m=8&d=19 https://bugzilla.redhat.com/show_bug.cgi?id=626783 Common Vulnerability Exposure (CVE) ID: CVE-2010-2949 42642 http://www.securityfocus.com/bid/42642 http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=cddb8112b80fa9867156c637d63e6e79eeac67bb https://bugzilla.redhat.com/show_bug.cgi?id=626795
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.