FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

quagga -- two DoS vulnerabilities

Affected packages
quagga < 0.99.17_6

Details

VuXML ID b2a40507-5c88-11e0-9e85-00215af774f0
Discovery 2010-04-30
Entry 2011-04-01

Quagga developers report:

Quagga 0.99.18 has been released. This release fixes 2 denial of services in bgpd, which can be remotely triggered by malformed AS-Pathlimit or Extended-Community attributes. These issues have been assigned CVE-2010-1674 and CVE-2010-1675. Support for AS-Pathlimit has been removed with this release.

References

CVE Name CVE-2010-1674
CVE Name CVE-2010-1675
URL http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200