FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362910
Date:      2014-07-25
Time:      14:12:54Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
42a2c82a-75b9-11e1-89b4-001ec9578670quagga -- multiple vulnerabilities

CERT reports:

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon aborts due to an assert) with a malformed OSPF LS-Update message.

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon crash) with a malformed OSPF Network- LSA message.

The bgpd implementation of BGP in Quagga allows remote attackers to cause a denial of service (daemon aborts due to an assert) via BGP Open message with an invalid AS4 capability.


Discovery 2012-03-23
Entry 2012-03-24
Modified 2012-03-26
quagga
lt 0.99.20.1

quagga-re
lt 0.99.17.8

CVE-2012-0249
CVE-2012-0250
CVE-2012-0255
http://www.kb.cert.org/vuls/id/551715
42a2c82a-75b9-11e1-89b4-001ec9578670quagga -- multiple vulnerabilities

CERT reports:

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon aborts due to an assert) with a malformed OSPF LS-Update message.

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon crash) with a malformed OSPF Network- LSA message.

The bgpd implementation of BGP in Quagga allows remote attackers to cause a denial of service (daemon aborts due to an assert) via BGP Open message with an invalid AS4 capability.


Discovery 2012-03-23
Entry 2012-03-24
Modified 2012-03-26
quagga
lt 0.99.20.1

quagga-re
lt 0.99.17.8

CVE-2012-0249
CVE-2012-0250
CVE-2012-0255
http://www.kb.cert.org/vuls/id/551715
1e14d46f-af1f-11e1-b242-00215af774f0quagga -- BGP OPEN denial of service vulnerability

CERT reports:

If a pre-configured BGP peer sends a specially-crafted OPEN message with a malformed ORF capability TLV, Quagga bgpd process will erroneously try to consume extra bytes from the input packet buffer. The process will detect a buffer overrun attempt before it happens and immediately terminate with an error message. All BGP sessions established by the attacked router will be closed and its BGP routing disrupted.


Discovery 2012-06-04
Entry 2012-06-05
quagga
le 0.99.20.1

quagga-re
lt 0.99.17.10

CVE-2012-1820
http://www.kb.cert.org/vuls/id/962587
1e14d46f-af1f-11e1-b242-00215af774f0quagga -- BGP OPEN denial of service vulnerability

CERT reports:

If a pre-configured BGP peer sends a specially-crafted OPEN message with a malformed ORF capability TLV, Quagga bgpd process will erroneously try to consume extra bytes from the input packet buffer. The process will detect a buffer overrun attempt before it happens and immediately terminate with an error message. All BGP sessions established by the attacked router will be closed and its BGP routing disrupted.


Discovery 2012-06-04
Entry 2012-06-05
quagga
le 0.99.20.1

quagga-re
lt 0.99.17.10

CVE-2012-1820
http://www.kb.cert.org/vuls/id/962587