Message-ID: <50A2910F.2040106@redhat.com>
Date: Tue, 13 Nov 2012 11:27:27 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
 "Steven M. Christey" <coley@...us.mitre.org>,
 Denis Ovsienko <infrastation@...dex.ru>,
 Christian Hammers <ch@...ian.org>,
 "Dmitry V. Levin" <ldv@...linux.org>,
 Paul Jakma <paul@...ma.org>,
 Florian Weimer <fweimer@...hat.com>,
 "Marco d'Itri" <md@...ux.it>
Subject: Re: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)

On 11/13/2012 07:48 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> Marco d'Itri in Debian bug [1] has reported the following
> deficiency, being present in 0.99.21 and possibly earlier versions
> of the Quagga routing suite:
>
> A denial of service flaw was found in the way Quagga's ospf6d
> daemon performed routes removal. In certain circumstances when
> removing the route the ospf6d daemon terminated with assertion
> failure when trying to determine / find, which route to remove. An
> OSPF6 router could use this flaw to cause ospf6d on an adjacent
> router to abort.
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=876197
>
> Upstream bug report:
> [3] https://bugzilla.quagga.net/show_bug.cgi?id=747
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>

Please use CVE-2012-5521 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993