Computer Security
[EN] securityvulns.ru no-pyccku


quagga BGP daemon DoS
Published:12.09.2010
Source:
SecurityVulns ID:11136
Type:remote
Threat Level:
5/10
Description:Few DoS conditions on BGP traffic parsing.
Affected:QUAGGA : quagga 0.99
CVE:CVE-2010-2949 (bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.)
 CVE-2010-2948 (Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.)
Original documentdocumentDEBIAN, [SECURITY] [DSA-2104-1] New quagga packages fix denial of service (12.09.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod