CVE-2012-1820

Name of the Vulnerable Software and Affected Versions Quagga versions prior to 0.99.22.4 Quagga version 0.99.15

Description The issue affects the Quagga package, allowing remote attackers to exploit multiple vulnerabilities, potentially leading to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely. Specifically, the bgp capability orf function in bgpd in Quagga 0.99.20.1 and earlier is vulnerable to a denial of service (assertion failure and daemon exit) by sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message, leveraging a BGP peering relationship.

Recommendations For Quagga versions prior to 0.99.22.4, update to version 0.99.22.4 or later to resolve the issue. For Quagga version 0.99.15, consider disabling the bgp capability orf function as a temporary workaround until a patch is available. Restrict access to the Quagga package to minimize the risk of exploitation.