PT-2011-5219 · Centos+4
Jukka Taimisto
+2
Published 1970-01-01 · Updated 2018-01-06
CVE-2011-3326
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Quagga versions prior to 0.99.19
Quagga versions prior to 0.99.20
Description
The issue affects the Quagga package in various Linux operating systems, including Red Hat Enterprise Linux, CentOS, SUSE Linux Enterprise, and openSUSE. It allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. The ospf_flood function in ospf_flood.c in ospfd is vulnerable. This can lead to disruption of confidentiality, integrity, and availability of protected information.
Recommendations
For Quagga versions prior to 0.99.19, update to version 0.99.19 or later.
For Quagga versions prior to 0.99.20, update to version 0.99.20 or later.
As a temporary workaround, consider disabling the ospf_flood function until a patch is available. Restrict access to the vulnerable ospfd module to minimize the risk of exploitation. Avoid using the ospf_flood function in the affected API endpoint until the issue is resolved.
Fix
DoS
Buffer Overflow
Related identifiers
Affected products
Centos
Quagga
Red Hat
Suse Linux Enterprise
Opensuse