FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

quagga -- multiple vulnerabilities

Affected packages
quagga < 0.99.20.1
quagga-re < 0.99.17.8

Details

VuXML ID 42a2c82a-75b9-11e1-89b4-001ec9578670
Discovery 2012-03-23
Entry 2012-03-24
Modified 2012-03-26

CERT reports:

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon aborts due to an assert) with a malformed OSPF LS-Update message.

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon crash) with a malformed OSPF Network- LSA message.

The bgpd implementation of BGP in Quagga allows remote attackers to cause a denial of service (daemon aborts due to an assert) via BGP Open message with an invalid AS4 capability.

References

CVE Name CVE-2012-0249
CVE Name CVE-2012-0250
CVE Name CVE-2012-0255
URL http://www.kb.cert.org/vuls/id/551715