Network Security

AERAsec
Network Security
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations. So changes take place immediately, especially which patches should be installed or which changes in the configuration should be made to avoid this vulnerability. Some of the files are transferred by FTP.

By the way: If we're not publishing well-known risks inheritant in any widely used platform or program that doesn't mean this particular platform or program is safe to use!

Here you find our network security search engine!


This is some information you send:

Your Browser

CCBot/2.0 (http://commoncrawl.org/faq/)

Your IP address

ec2-54-89-70-124.compute-1.amazonaws.com [54.89.70.124]

Your referer

(filtered or not existing)

Current month, Last month, Last 10 messages, Last 20 messages (index only)

Chosen message with ID ae-201012-013

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in kvm and quagga
Links: RHSA-2010-0898, CVE-2010-3698, CVE-2010-4091, ESB-2010.1100,
RHSA-2010-0945, CVE-2010-2948, CVE-2010-2949, ESB-2010.1101
ID: ae-201012-013

A flaw was found in the way QEMU-KVM handled the reloading of fs and gs segment registers when they had invalid selectors. A privileged host user with access to "/dev/kvm" could use this flaw to crash the host (denial of service).
A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh (RR) messages. A configured BGP peer could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon parsed the paths of autonomous systems (AS). A configured BGP peer could crash bgpd on a target system via a specially-crafted BGP message.
Fixed packages are available now.



(c) 2000-2014 AERAsec Network Services and Security GmbH