OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga, versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute.
12492b05bc1c9dd6d3ab14537255e48285c3a6cb1a68486580a7e74f2e78c677Ubuntu Security Notice 461-1 - It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.
3adbef0532f09c1add5f433acda4c39a1efb76b001e83facf47faa01db9d6cd7Debian Security Advisory 1293-1 - Paul Jakma discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon.
f545db7c8c023ce454ac8c27fd742fc31df9a41e6f3a8c10e8ade58ebc3d0472Mandriva Linux Security Advisory - The BGP routing daemon in Quagga did not properly validate length values in NLRI attributes which could allow a remote attacker to cause a denial of service via a crafted UPDATE message that triggered an assertion error or out of bounds read.
751730867882a5c9d6a763a58a6b0a8973c8c346b2b6fea2b84b9e097baff778Gentoo Linux Security Advisory GLSA 200705-05 - The Quagga development team reported a vulnerability in the BGP routing daemon when processing NLRI attributes inside UPDATE messages. Versions less than 0.98.6-r2 are affected.
6a607378c17401310a4268154ac4c1cd8b508e5d326576bb411a8c6602ac212b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed