oss-sec mailing list archives
CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 13 Nov 2012 09:48:59 -0500 (EST)
Hello Kurt, Steve, vendors, Marco d'Itri in Debian bug [1] has reported the following deficiency, being present in 0.99.21 and possibly earlier versions of the Quagga routing suite: A denial of service flaw was found in the way Quagga's ospf6d daemon performed routes removal. In certain circumstances when removing the route the ospf6d daemon terminated with assertion failure when trying to determine / find, which route to remove. An OSPF6 router could use this flaw to cause ospf6d on an adjacent router to abort. References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102 [2] https://bugzilla.redhat.com/show_bug.cgi?id=876197 Upstream bug report: [3] https://bugzilla.quagga.net/show_bug.cgi?id=747 Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Jan Lieskovsky (Nov 13)