Date: Tue, 13 Nov 2012 11:27:27 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Denis Ovsienko <infrastation@...dex.ru>,
        Christian Hammers <ch@...ian.org>,
        "Dmitry V. Levin" <ldv@...linux.org>, Paul Jakma <paul@...ma.org>,
        Florian Weimer <fweimer@...hat.com>, "Marco d'Itri" <md@...ux.it>
Subject: Re: CVE Request -- quagga (ospf6d): Assertion failure
 when removing routes (retrieving information which route to remove)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/13/2012 07:48 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> Marco d'Itri in Debian bug [1] has reported the following
> deficiency, being present in 0.99.21 and possibly earlier versions
> of the Quagga routing suite:
> 
> A denial of service flaw was found in the way Quagga's ospf6d
> daemon performed routes removal. In certain circumstances when
> removing the route the ospf6d daemon terminated with assertion
> failure when trying to determine / find, which route to remove. An
> OSPF6 router could use this flaw to cause ospf6d on an adjacent
> router to abort.
> 
> References: [1]
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102 [2]
> https://bugzilla.redhat.com/show_bug.cgi?id=876197
> 
> Upstream bug report: [3]
> https://bugzilla.quagga.net/show_bug.cgi?id=747
> 
> Could you allocate a CVE id for this?
> 
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team
> 

Please use CVE-2012-5521 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----
