PT-2010-1105 · Quagga+1

Published 2010-09-10 · Updated 2023-02-13 · CVE-2010-2949

CVSS v2.0 7.5 High

Vector AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Quagga versions prior to 0.99.20

Description

Multiple vulnerabilities in the Quagga package can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the bgpd component in Quagga does not properly parse AS paths, which can allow remote attackers to cause a denial of service by crashing the daemon through a NULL pointer dereference. The crash is triggered by a BGP UPDATE message with an unknown AS type in an AS path attribute.

Recommendations

Update Quagga versions prior to 0.99.20 to version 0.99.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the bgpd component to minimize the risk of exploitation.
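
The failure described above comes from a parser meeting an AS path segment type it does not recognise. As an added example (not Quagga's code and not the upstream fix), the C function below validates an AS_PATH attribute value and fails the whole attribute on an unknown type, so no caller receives a missing path to dereference. The name `aspath_validate`, the error codes and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* AS_PATH segment types defined by RFC 4271 (1, 2) and RFC 5065 (3, 4). */
enum { AS_SET = 1, AS_SEQUENCE = 2, AS_CONFED_SEQUENCE = 3, AS_CONFED_SET = 4 };
enum { ASPATH_OK = 0, ASPATH_TRUNCATED = -1, ASPATH_BAD_TYPE = -2,
       ASPATH_EMPTY_SEGMENT = -3, ASPATH_BAD_ARG = -4 };

/* Hypothetical validator, not a Quagga function. Walks an AS_PATH attribute
 * value laid out as repeated <type:1><count:1><count * asn_size octets>.
 * asn_size is 2, or 4 when 4-octet AS numbers are in use. On success the
 * number of segments is stored in *nseg (if non-NULL). */
int aspath_validate(const uint8_t *buf, size_t len, size_t asn_size, size_t *nseg)
{
    size_t off = 0, segs = 0;

    if ((asn_size != 2 && asn_size != 4) || (buf == NULL && len != 0))
        return ASPATH_BAD_ARG;
    while (off < len) {
        if (len - off < 2)                      /* segment header must fit */
            return ASPATH_TRUNCATED;
        uint8_t type = buf[off], count = buf[off + 1];
        off += 2;
        if (type < AS_SET || type > AS_CONFED_SET)
            return ASPATH_BAD_TYPE;             /* fail the whole attribute */
        if (count == 0)
            return ASPATH_EMPTY_SEGMENT;        /* treated as malformed here */
        if ((len - off) / asn_size < count)     /* ASNs must fit in the rest */
            return ASPATH_TRUNCATED;
        off += (size_t)count * asn_size;
        segs++;
    }
    if (nseg != NULL)
        *nseg = segs;
    return ASPATH_OK;
}

/* Constructed sample values using private-use 2-octet ASNs 65000 and 65001. */
static const uint8_t sample_ok[]  = { AS_SEQUENCE, 2, 0xFD, 0xE8, 0xFD, 0xE9 };
static const uint8_t sample_bad[] = { 5, 1, 0xFD, 0xE8 };  /* undefined type */

int main(void)
{
    size_t n = 0;
    printf("ok=%d\n", aspath_validate(sample_ok, sizeof sample_ok, 2, &n));
    printf("bad=%d\n", aspath_validate(sample_bad, sizeof sample_bad, 2, &n));
    return 0;
}
```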

Related Identifiers

BDU:2015-09430
CVE-2010-2949
DSA-2104-1
RHSA-2010:0945
RHSA-2010_0945

Affected Products

Quagga
Red Hat