SUSE update for frr



Published: 2022-09-13 | Updated: 2023-06-08
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-25074
CVE-2022-37032
CWE-ID CWE-401
CWE-125
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe 		SUSE Manager Retail Branch Server
Operating systems & Components / Operating system

SUSE Linux Enterprise Storage
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Proxy
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing
Operating systems & Components / Operating system

SUSE Linux Enterprise Module for Server Applications
Operating systems & Components / Operating system

libmlag_pb0-debuginfo
Operating systems & Components / Operating system package or component

libmlag_pb0
Operating systems & Components / Operating system package or component

libfrrzmq0-debuginfo
Operating systems & Components / Operating system package or component

libfrrzmq0
Operating systems & Components / Operating system package or component

libfrrsnmp0-debuginfo
Operating systems & Components / Operating system package or component

libfrrsnmp0
Operating systems & Components / Operating system package or component

libfrrospfapiclient0-debuginfo
Operating systems & Components / Operating system package or component

libfrrospfapiclient0
Operating systems & Components / Operating system package or component

libfrrgrpc_pb0-debuginfo
Operating systems & Components / Operating system package or component

libfrrgrpc_pb0
Operating systems & Components / Operating system package or component

libfrrfpm_pb0-debuginfo
Operating systems & Components / Operating system package or component

libfrrfpm_pb0
Operating systems & Components / Operating system package or component

libfrrcares0-debuginfo
Operating systems & Components / Operating system package or component

libfrrcares0
Operating systems & Components / Operating system package or component

libfrr_pb0-debuginfo
Operating systems & Components / Operating system package or component

libfrr_pb0
Operating systems & Components / Operating system package or component

libfrr0-debuginfo
Operating systems & Components / Operating system package or component

libfrr0
Operating systems & Components / Operating system package or component

frr-devel
Operating systems & Components / Operating system package or component

frr-debugsource
Operating systems & Components / Operating system package or component

frr-debuginfo
Operating systems & Components / Operating system package or component

frr
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU67275

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-25074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when processing IS-IS HELLO packets. A remote attacker can send specially crafted packets to the IS-IS daemon, trigger memory leak and perform denial of service attack.

Mitigation

Update the affected package frr to the latest version.

Vulnerable software versions

SUSE Manager Retail Branch Server: 4.2 - 4.3

SUSE Linux Enterprise Storage: 7.1

SUSE Manager Server: 4.2 - 4.3

SUSE Manager Proxy: 4.2 - 4.3

openSUSE Leap: 15.3 - 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

SUSE Linux Enterprise Server: 15-SP3 - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP3 - 15-SP4

SUSE Linux Enterprise Module for Server Applications: 15-SP3 - 15-SP4

libmlag_pb0-debuginfo: before 7.4-150300.4.7.1

libmlag_pb0: before 7.4-150300.4.7.1

libfrrzmq0-debuginfo: before 7.4-150300.4.7.1

libfrrzmq0: before 7.4-150300.4.7.1

libfrrsnmp0-debuginfo: before 7.4-150300.4.7.1

libfrrsnmp0: before 7.4-150300.4.7.1

libfrrospfapiclient0-debuginfo: before 7.4-150300.4.7.1

libfrrospfapiclient0: before 7.4-150300.4.7.1

libfrrgrpc_pb0-debuginfo: before 7.4-150300.4.7.1

libfrrgrpc_pb0: before 7.4-150300.4.7.1

libfrrfpm_pb0-debuginfo: before 7.4-150300.4.7.1

libfrrfpm_pb0: before 7.4-150300.4.7.1

libfrrcares0-debuginfo: before 7.4-150300.4.7.1

libfrrcares0: before 7.4-150300.4.7.1

libfrr_pb0-debuginfo: before 7.4-150300.4.7.1

libfrr_pb0: before 7.4-150300.4.7.1

libfrr0-debuginfo: before 7.4-150300.4.7.1

libfrr0: before 7.4-150300.4.7.1

frr-devel: before 7.4-150300.4.7.1

frr-debugsource: before 7.4-150300.4.7.1

frr-debuginfo: before 7.4-150300.4.7.1

frr: before 7.4-150300.4.7.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20223246-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU67277

Risk: Medium

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-37032

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when processing BGP messages. A remote attacker can send specially crafted BGP messages to the system, trigger an out-of-bounds read error and read contents of memory on the system or crash the BGP daemon.

Mitigation

Update the affected package frr to the latest version.

Vulnerable software versions

SUSE Manager Retail Branch Server: 4.2 - 4.3

SUSE Linux Enterprise Storage: 7.1

SUSE Manager Server: 4.2 - 4.3

SUSE Manager Proxy: 4.2 - 4.3

openSUSE Leap: 15.3 - 15.4

SUSE Linux Enterprise Server for SAP Applications: 15-SP3 - 15-SP4

SUSE Linux Enterprise Server: 15-SP3 - 15-SP4

SUSE Linux Enterprise High Performance Computing: 15-SP3 - 15-SP4

SUSE Linux Enterprise Module for Server Applications: 15-SP3 - 15-SP4

libmlag_pb0-debuginfo: before 7.4-150300.4.7.1

libmlag_pb0: before 7.4-150300.4.7.1

libfrrzmq0-debuginfo: before 7.4-150300.4.7.1

libfrrzmq0: before 7.4-150300.4.7.1

libfrrsnmp0-debuginfo: before 7.4-150300.4.7.1

libfrrsnmp0: before 7.4-150300.4.7.1

libfrrospfapiclient0-debuginfo: before 7.4-150300.4.7.1

libfrrospfapiclient0: before 7.4-150300.4.7.1

libfrrgrpc_pb0-debuginfo: before 7.4-150300.4.7.1

libfrrgrpc_pb0: before 7.4-150300.4.7.1

libfrrfpm_pb0-debuginfo: before 7.4-150300.4.7.1

libfrrfpm_pb0: before 7.4-150300.4.7.1

libfrrcares0-debuginfo: before 7.4-150300.4.7.1

libfrrcares0: before 7.4-150300.4.7.1

libfrr_pb0-debuginfo: before 7.4-150300.4.7.1

libfrr_pb0: before 7.4-150300.4.7.1

libfrr0-debuginfo: before 7.4-150300.4.7.1

libfrr0: before 7.4-150300.4.7.1

frr-devel: before 7.4-150300.4.7.1

frr-debugsource: before 7.4-150300.4.7.1

frr-debuginfo: before 7.4-150300.4.7.1

frr: before 7.4-150300.4.7.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20223246-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###