FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

quagga -- BGP OPEN denial of service vulnerability

Affected packages
quagga <= 0.99.20.1
quagga-re < 0.99.17.10

Details

VuXML ID 1e14d46f-af1f-11e1-b242-00215af774f0
Discovery 2012-06-04
Entry 2012-06-05

CERT reports:

If a pre-configured BGP peer sends a specially-crafted OPEN message with a malformed ORF capability TLV, Quagga bgpd process will erroneously try to consume extra bytes from the input packet buffer. The process will detect a buffer overrun attempt before it happens and immediately terminate with an error message. All BGP sessions established by the attacked router will be closed and its BGP routing disrupted.

[source]

References

CVE Name CVE-2012-1820
URL http://www.kb.cert.org/vuls/id/962587

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.