Launchpad.net

CVE 2012-0250

Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.

Related bugs and status

CVE-2012-0250 (Candidate) is related to these bugs:

Bug #994169: quagga security update tracking bug

		In	Importance	Status
994169	quagga security update tracking bug	quagga (Ubuntu)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Lucid)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Natty)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Oneiric)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Quantal)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Precise)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CERT-VN: VU#551715
FEDORA: FEDORA-2012-5352
FEDORA: FEDORA-2012-5411
FEDORA: FEDORA-2012-5436
REDHAT: RHSA-2012:1258
REDHAT: RHSA-2012:1259
SECUNIA: 48949
DEBIAN: DSA-2459