A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon, resulting in denial of service.
A buffer overflow exists in the IPv6 (Router Advertisement) code in Zebra. The issue can be triggered on an IPv6 address where the Quagga daemon is reachable by an RA (Router Advertisement) or IPv6 ICMP message. The issue leads to a crash of the zebra daemon. In specific circumstances, this vulnerability may allow remote code execution.
Disable IPv6 neighbor discovery announcements on all interfaces ("ipv6 nd suppress-ra" configured under all interfaces). Make sure to have it disabled on ALL interfaces.
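One way to verify the mitigation above across a zebra configuration, as an added example that is not part of the original report or of Quagga itself. It assumes the usual zebra.conf layout (an `interface NAME` line followed by indented statements), takes the advice literally by requiring an explicit `ipv6 nd suppress-ra` in every interface stanza, and runs on a constructed sample configuration; the function names are hypothetical.

```python
import re

# Constructed sample zebra.conf for the demonstration (not from the report).
SAMPLE_CONF = """\
hostname router1
!
interface eth0
 ipv6 address 2001:db8:1::1/64
 ipv6 nd suppress-ra
!
interface eth1
 ipv6 address 2001:db8:2::1/64
 no ipv6 nd suppress-ra
 ipv6 nd prefix 2001:db8:2::/64
!
interface eth2
 description uplink without any RA statement
!
interface lo
 ipv6 nd suppress-ra
!
"""

# Matches "ipv6 nd suppress-ra" and its negated form "no ipv6 nd suppress-ra".
STMT = re.compile(r"^(no )?ipv6 nd suppress-ra$")

def audit_suppress_ra(conf_text):
    """Map each interface stanza to 'suppressed', 'ra-enabled' or 'not-configured'."""
    result, current = {}, None
    for raw in conf_text.splitlines():
        if not raw.strip():
            continue
        line = " ".join(raw.split())          # normalise whitespace
        if not raw[0].isspace():              # top-level line (incl. "!") closes a stanza
            current = None
            if line.startswith("interface "):
                current = line.split(" ", 1)[1]
                result.setdefault(current, "not-configured")
            continue
        match = STMT.match(line) if current else None
        if match:                             # the last statement in a stanza wins
            result[current] = "ra-enabled" if match.group(1) else "suppressed"
    return result

def non_compliant(conf_text):
    """Interfaces that do not end up with an explicit 'ipv6 nd suppress-ra'."""
    statuses = audit_suppress_ra(conf_text)
    return sorted(name for name, status in statuses.items() if status != "suppressed")

if __name__ == "__main__":
    for name, status in sorted(audit_suppress_ra(SAMPLE_CONF).items()):
        print(f"{name}: {status}")
```

Interfaces that exist on the host but have no stanza in the file are not seen by this check, so compare the result against the system's interface list as well.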
Created quagga tracking bugs for this issue:
Affects: fedora-all [bug 1386110]
On RHEL (and Fedora), the usage of -fstack-protector compilation flag limits the impact of this stack-based buffer overflow to a crash (denial-of-service) in the zebra daemon. Our CVSS scores reflect this fact.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2017:0794 https://rhn.redhat.com/errata/RHSA-2017-0794.html