PT-2007-1057 · Quagga+2 · Quagga-Contrib+4
Published: 2007-09-12 · Updated: 2017-07-29
CVE-2007-4826
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
quagga versions 0.98.3 through 0.98.6
quagga-devel versions 0.98.3 through 0.98.6
quagga-contrib versions 0.98.3 through 0.98.6
Description:
The issue affects the quagga package in various operating systems, including CentOS and Red Hat Enterprise Linux. It allows an authenticated attacker to exploit multiple vulnerabilities, potentially leading to a disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely. According to the NVD, bgpd in Quagga before 0.99.9 is vulnerable to a denial of service (crash) via a malformed OPEN message or a COMMUNITY attribute, which triggers a NULL pointer dereference.
Recommendations:
For quagga versions 0.98.3 through 0.98.6, consider updating to a version prior to 0.99.9 to mitigate the risk.
For quagga-devel versions 0.98.3 through 0.98.6, consider updating to a version prior to 0.99.9 to mitigate the risk.
For quagga-contrib versions 0.98.3 through 0.98.6, consider updating to a version prior to 0.99.9 to mitigate the risk.
As a temporary workaround, consider disabling the bgpd service until a patch is available.
Restrict access to the quagga package to minimize the risk of exploitation.
Related identifiers
Affected products
CentOS
Red Hat
Quagga
Quagga-Contrib
Quagga-Devel