On 14 Nov 2016, at 21:20, Alexis Rosen wrote:
On Oct 18, 2016, at 1:56 AM, Martin Winter
<mwin...@opensourcerouting.org> wrote:
Security Advisory: Quagga Buffer Overflow in IPv6 RA handling
=============================================================
[...] The issue can be triggered on an IPv6 address where the Quagga
daemon is reachable by a RA (Router Advertisement or IPv6 ICMP
message.
So... Nearly a month later, I'm deleting old mail and noticed this.
As far as I can tell, this is an editing error of some sort, and in
fact you can NOT trigger the issue simply by having an IPv6 address
reachable with an ICMP.
How about this wording:
A buffer overflow exists in the IPv6 (Router Advertisement) code in
Zebra. The issue can be triggered on any interface with a reachable
IPv6 address by a RA (Router Advertisement) or IPv6 ICMP message.
The issue leads to a crash of the zebra daemon.
Later in the advisory, it says:
Usage of Quagga without running the 'zebra' daemon, or no
IPv6 neighbor-discovery are not affected.
What this should say:
The issue is in Zebra daemon. So you are safe without Zebra daemon (i.e.
some users only using BGPd)
You are also safe if you have the IPv6 neighbor-discovery disabled.
So maybe just a missing comma?
Usage of Quagga without running the 'zebra' daemon, or no
IPv6 neighbor-discovery, are not affected.
A quick look at the code also suggests this is so, but my familiarity
with this code is basically nil, and it would be very easy for me to
get this wrong.
Can someone who is certain please clarify? And maybe update the CVE so
the sentence makes sense (and has balanced parentheses)?
I’ll update if you can confirm that these 2 small rewrites clarify the
issue.
- Martin
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users