CVE-2012-0255

Name of the Vulnerable Software and Affected Versions Quagga versions prior to 0.99.20.1 Quagga versions prior to 0.99.22.4

Description The issue concerns multiple vulnerabilities in the Quagga package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The BGP implementation in bgpd does not properly use message buffers for OPEN messages, allowing remote attackers to cause a denial of service via a message associated with a malformed Four-octet AS Number Capability.

Recommendations For Quagga versions prior to 0.99.20.1, update to version 0.99.20.1 or later to resolve the issue. For Quagga versions prior to 0.99.22.4, update to version 0.99.22.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the BGP implementation in bgpd to minimize the risk of exploitation.