CVE-2011-3327

CVSS V2 High 7.5 CVSS V3 None

Description

Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4.

Overview

CVE ID
CVE-2011-3327

Assigner
cret@cert.org

Vulnerability Status
Modified

Published Version
2011-10-10T10:55:06

Last Modified Date
2018-01-06T02:29:18

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:quagga:quagga::::::::	1	OR	0.99.18
cpe:2.3:a:quagga:quagga:0.95:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.96:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.96.1:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.96.2:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.96.3:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.96.4:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.96.5:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.97.0:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.97.1:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.97.2:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.97.3:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.97.4:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.97.5:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.98.0:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.98.1:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.98.2:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.98.3:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.98.4:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.98.5:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.98.6:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.1:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.2:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.3:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.4:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.5:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.6:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.7:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.8:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.9:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.10:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.11:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.12:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.13:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.14:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.15:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.16:::::::*	1	OR
cpe:2.3:a:quagga:quagga:0.99.17:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
7.5

Severity
HIGH

Exploitability Score
10

Impact Score
6.4

References

Reference URL	Reference Tags
https://www.cert.fi/en/reports/2011/vulnerability539178.html
http://www.quagga.net/download/quagga-0.99.19.changelog.txt
http://code.quagga.net/?p=quagga.git;a=commit;h=94431dbc753171b48b5c6806af97fd690813b00a
https://bugzilla.redhat.com/show_bug.cgi?id=738400
http://www.debian.org/security/2011/dsa-2316
http://www.kb.cert.org/vuls/id/668534	US Government Resource
http://secunia.com/advisories/46139	Vendor Advisory
http://secunia.com/advisories/46274
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
http://rhn.redhat.com/errata/RHSA-2012-1258.html
http://rhn.redhat.com/errata/RHSA-2012-1259.html
http://security.gentoo.org/glsa/glsa-201202-02.xml
http://secunia.com/advisories/48106

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2011-3327
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3327

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:51:20				Added to TrackCVE