Quagga contains five remote component vulnerabilities due to issues when handling BGP, OSPF, and OSPFv3 packets.
Quagga is open source routing software that can handle various routing protocols such as RIP, BGP and OSPF. Five vulnerabilities have been found in the BGP, OSPF and OSPFv3 components of Quagga. The vulnerabilities allow an attacker to cause a denial of service or potentially to execute his own code by sending specially modified packets to an affected server. Routing messages are typically accepted from the routing peers. Exploiting these vulnerabilities may require an established routing session (BGP peering or OSPF/OSPFv3 adjacency) to the router.
An attacker could exploit these vulnerabilities to cause a denial-of-service crash or possibly to execute arbitrary code on the affected server with the permissions of the Quagga software.
Quagga before version 0.99.19
Thanks to Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project for reporting this vulnerability to CERT-FI.