Date: Tue, 13 Nov 2012 09:48:59 -0500 (EST) From: Jan Lieskovsky <jlieskov@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org>, Denis Ovsienko <infrastation@...dex.ru>, Christian Hammers <ch@...ian.org>, "Dmitry V. Levin" <ldv@...linux.org>, Paul Jakma <paul@...ma.org>, Florian Weimer <fweimer@...hat.com>, "Marco d'Itri" <md@...ux.it> Subject: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Hello Kurt, Steve, vendors, Marco d'Itri in Debian bug  has reported the following deficiency, being present in 0.99.21 and possibly earlier versions of the Quagga routing suite: A denial of service flaw was found in the way Quagga's ospf6d daemon performed routes removal. In certain circumstances when removing the route the ospf6d daemon terminated with assertion failure when trying to determine / find, which route to remove. An OSPF6 router could use this flaw to cause ospf6d on an adjacent router to abort. References:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102  https://bugzilla.redhat.com/show_bug.cgi?id=876197 Upstream bug report:  https://bugzilla.quagga.net/show_bug.cgi?id=747 Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.