Debian Security Advisory DSA 1293-1 (quagga) Network Vulnerability

Summary

The remote host is missing an update to quagga announced via advisory DSA 1293-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201293-1

Insight

Paul Jakma discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon. For the old stable distribution (sarge) this problem has been fixed in version 0.98.3-7.4. For the stable distribution (etch) this problem has been fixed in version 0.99.5-5etch2. For the unstable distribution (sid) this problem has been fixed in version 0.99.6-5. We recommend that you upgrade your quagga package.

Severity

Classification

CVE CVE-2007-1995
CVSS Base Score: 6.3
AV:N/AC:M/Au:S/C:N/I:N/A:C

Related Vulnerabilities

Debian Security Advisory DSA 020-1 (php4)
Debian Security Advisory DSA 1079-1 (mysql-dfsg)
Debian Security Advisory DSA 088-1 (fml)
Debian Security Advisory DSA 092-1 (wmtv)
Debian Security Advisory DSA 1122-1 (libnet-server-perl)

Take action and discover your vulnerabilities