quagga -- multiple vulnerabilities

2012-03-23T00:00:00
ID 42A2C82A-75B9-11E1-89B4-001EC9578670
Type freebsd
Reporter FreeBSD
Modified 2012-03-26T00:00:00

Description

CERT reports:

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon aborts due to an assert) with a malformed OSPF LS-Update message. The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon crash) with a malformed OSPF Network- LSA message. The bgpd implementation of BGP in Quagga allows remote attackers to cause a denial of service (daemon aborts due to an assert) via BGP Open message with an invalid AS4 capability.