RHSA-2011:0406: quagga security update
Description
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemonimplements the BGP (Border Gateway Protocol) routing protocol.A denial of service flaw was found in the way the Quagga bgpd daemonprocessed certain route metrics information. A BGP message with aspecially-crafted path limit attribute would cause the bgpd daemon to resetits session with the peer through which this message was received.(CVE-2010-1675)A NULL pointer dereference flaw was found in the way the Quagga bgpd daemonprocessed malformed route extended communities attributes. A configured BGPpeer could crash bgpd on a target system via a specially-crafted BGPmessage. (CVE-2010-1674)Users of quagga should upgrade to these updated packages, which containbackported patches to correct these issues. After installing the updatedpackages, the bgpd daemon must be restarted for the update to take effect.
Solution(s)
- redhat-upgrade-quagga
- redhat-upgrade-quagga-contrib
- redhat-upgrade-quagga-debuginfo
- redhat-upgrade-quagga-devel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center