Debian DSA-2197-1 Addresses Denial Of Service Risks in Quagga
debian
March 21, 2011
It has been discovered that the Quagga routing daemon contains two denial-of-service vulnerabilities in its BGP implementation: CVE-2010-1674
Topics Covered
Summary
It has been discovered that the Quagga routing daemon contains two
denial-of-service vulnerabilities in its BGP implementation:
CVE-2010-1674
A crafted Extended Communities attribute triggers a null
pointer dereference which causes the BGP daemon to crash.
The crafted attributes are not propagated by the Internet
core, so only explicitly configured direct peers are able
to exploit this vulnerability in typical configurations.
CVE-2010-1675
The BGP daemon resets BGP sessions when it encounters malformed AS_PATHLIMIT attributes, introducing a distributed
BGP session reset vulnerability which disrupts packet
forwarding. Such malformed attributes are propagated by the
Internet core, and exploitation of this vulnerability is not
restricted to directly configured BGP peers.
This security update removes AS_PATHLIMIT processing from the BGP
implementation, preserving the configuration statements for backwards
compatibility. (Standardization of this BGP extension was abandoned
long ago.)
Fo...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: quagga
CVE ID: CVE-2010-1674 CVE-2010-1675
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!