Vulnerability Note VU#962587
Quagga BGP OPEN denial of service vulnerability
Quagga, a routing software suite, contains a BGP OPEN vulnerability that results in a denial-of-service condition.
CVE-2012-1820: Quagga versions 0.99.20.1 and earlier contain a bug in BGP OPEN message handling.
Program Impacted: bgpd: fix DoS in bgp_capability_orf()
A denial-of-service condition can be caused by an attacker controlling one of the pre-configured BGP peers. In most cases this means that the attack must originate from an adjacent network.
We are currently unaware of a practical solution to this problem.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian GNU/Linux | Affected | 25 Apr 2012 | 26 Apr 2012 |
| Infoblox | Affected | 25 Apr 2012 | 26 Apr 2012 |
| Openwall GNU/*/Linux | Not Affected | 25 Apr 2012 | 26 Apr 2012 |
| Conectiva Inc. | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| Cray Inc. | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| Engarde Secure Linux | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| Fedora Project | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| Gentoo Linux | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| Hewlett-Packard Company | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| IBM Corporation (zseries) | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| IBM eServer | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| Mandriva S. A. | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| MontaVista Software, Inc. | Unknown | 25 Apr 2012 | 25 Apr 2012 |
| Novell, Inc. | Unknown | 25 Apr 2012 | 25 Apr 2012 |
Thanks to Denis Ovsienko for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-1820
- Date Public: 03 Jun 2012
- Date First Published: 04 Jun 2012
- Date Last Updated: 11 Jun 2012
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.