Bugzilla – Bug 789834
VUL-2: quagga: quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)
Last modified: 2020-04-02 02:25:30 UTC
is public, via oss-sec

CVE-2012-5521

From: Jan Lieskovsky <jlieskov@redhat.com>
Date: Tue, 13 Nov 2012 09:48:59 -0500 (EST)
Subject: [oss-security] CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)

Hello Kurt, Steve, vendors,

Marco d'Itri in Debian bug [1] has reported the following deficiency, being present in 0.99.21 and possibly earlier versions of the Quagga routing suite:

A denial of service flaw was found in the way Quagga's ospf6d daemon performed routes removal. In certain circumstances when removing the route the ospf6d daemon terminated with assertion failure when trying to determine / find, which route to remove. An OSPF6 router could use this flaw to cause ospf6d on an adjacent router to abort.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102
[2] https://bugzilla.redhat.com/show_bug.cgi?id=876197

Upstream bug report:
[3] https://bugzilla.quagga.net/show_bug.cgi?id=747

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
The SWAMPID for this issue is 50109. This issue was rated as moderate. Please submit fixed packages until 2012-11-29. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
bugbot adjusting priority
I tried to make sense of the code and why it crashes ... but with just the backtrace it is hard for me too. (canceling swamp until we have a valid fix)
The SWAMPID for this issue is 54111. This issue was rated as moderate. Please submit fixed packages until 2013-09-02. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
The upstream bug is still UNCONFIRMED and there is no patch. We'll close this for now. The bug was mentioned in the SWAMP and no further information is available.