quagga -- BGP OPEN denial of service vulnerability

ID 1E14D46F-AF1F-11E1-B242-00215AF774F0
Type freebsd
Reporter FreeBSD
Modified 2012-06-04T00:00:00


CERT reports:

If a pre-configured BGP peer sends a specially-crafted OPEN message with a malformed ORF capability TLV, Quagga bgpd process will erroneously try to consume extra bytes from the input packet buffer. The process will detect a buffer overrun attempt before it happens and immediately terminate with an error message. All BGP sessions established by the attacked router will be closed and its BGP routing disrupted.