[3.4] quagga: stack-based buffer overflow vulnerability (CVE-2016-2342)
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI
parser in bgpd in Quagga before 1.0.20160309,
when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI
routes-data length field during a data copy,
which allows remote attackers to execute arbitrary code or cause a
denial of service (stack-based buffer overflow) via a crafted packet.
References:
http://savannah.nongnu.org/forum/forum.php?forum\_id=8476
https://security-tracker.debian.org/tracker/CVE-2016-2342
Patch:
http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442
(from redmine: issue id 5341, created on 2016-03-29, closed on 2016-04-12)
- Relations:
- parent #5340 (closed)
- Changesets:
- Revision 845087bd on 2016-04-06T10:36:13Z:
main/quagga: security upgrade to 1.0.20160315 (CVE-2016-2342). Fixes #5341