PT-2012-1082 · Quagga+3 · Quagga+3

Martin Winter

Published

2012-04-05

Updated

2018-01-18

CVE-2012-0255

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Quagga versions prior to 0.99.20.1 Quagga versions prior to 0.99.22.4

Description The issue concerns multiple vulnerabilities in the Quagga package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The BGP implementation in bgpd does not properly use message buffers for OPEN messages, allowing remote attackers to cause a denial of service via a message associated with a malformed Four-octet AS Number Capability.

Recommendations For Quagga versions prior to 0.99.20.1, update to version 0.99.20.1 or later to resolve the issue. For Quagga versions prior to 0.99.22.4, update to version 0.99.22.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the BGP implementation in bgpd to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-06496

BDU:2015-06499

BDU:2015-06500

BDU:2015-06503

BDU:2015-08791

BDU:2015-08792

BDU:2015-08793

BDU:2015-08794

BDU:2015-09708

CESA-2012_1259

CVE-2012-0255

DSA-2459-1

RHSA-2012:1259

RHSA-2012_1259

Affected Products

Centos

Quagga

Red Hat

Suse

PT-2012-1082 · Quagga+3 · Quagga+3

CVE-2012-0255

Weakness Enumeration

Related Identifiers

Affected Products

References · 50