FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

quagga -- stack overflow and DoS vulnerabilities

Affected packages
quagga < 0.99.17


VuXML ID 167953a4-b01c-11df-9a98-0015587e2cc1
Discovery 2010-08-24
Entry 2010-08-25

The Red Hat security team reported two vulnerabilities:

A stack buffer overflow flaw was found in the way Quagga's bgpd daemon processed Route-Refresh messages. A configured Border Gateway Protocol (BGP) peer could send a Route-Refresh message with specially-crafted Outbound Route Filtering (ORF) record, which would cause the master BGP daemon (bgpd) to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd.

A NULL pointer dereference flaw was found in the way Quagga's bgpd daemon parsed paths of autonomous systems (AS). A configured BGP peer could send a BGP update AS path request with unknown AS type, which could lead to denial of service (bgpd daemon crash).