Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition.
Quagga 0.99.20 and previous versions are susceptible to various denial-of-service conditions. The Quagga advisories state the following:
CVE-2012-0249: Error in OSPF parsing LS-Update messages Can Cause a Crash of Quagga ospfd
A remote attacker may be able to cause a denial-of-service condition.
Apply an Update
For CVE-2012-0255, the following workaround exists: Shut down sessions to any peers you cannot trust, or where you cannot ensure the security of the control-plane.
Thanks to Martin Winter at OpenSourceRouting.org for reporting these vulnerabilities, MU Dynamics for their sponsorship of the protocol fuzzer which uncovered these issues, and Denis Ovsienko and Paul Jakma for fixing the issues.