Debian Security Advisory DSA 1293-1 (quagga) Network Vulnerability

Summary

The remote host is missing an update to quagga announced via advisory DSA 1293-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201293-1

Insight

Paul Jakma discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon. For the old stable distribution (sarge) this problem has been fixed in version 0.98.3-7.4. For the stable distribution (etch) this problem has been fixed in version 0.99.5-5etch2. For the unstable distribution (sid) this problem has been fixed in version 0.99.6-5. We recommend that you upgrade your quagga package.

Severity

Classification

CVE CVE-2007-1995

CVSS	Base Score: 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1006-1 (wzdftpd)
Debian Security Advisory DSA 1121-1 (postgrey)
Debian Security Advisory DSA 1144-1 (chmlib)
Debian Security Advisory DSA 1100-1 (wv2)
Debian Security Advisory DSA 1066-1 (phpbb2)

Take action and discover your vulnerabilities