CVE-2010-2948

2010-09-10T00:00:00
ID UB:CVE-2010-2948
Type ubuntucve
Reporter ubuntu.com
Modified 2010-09-10T00:00:00

Description

Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.

Bugs

  • <https://bugs.edge.launchpad.net/ubuntu/+source/quagga/+bug/683958>
  • <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594262>