Quagga, a routing software suite, contains a BGP OPEN vulnerability that results in a denial-of-service condition.
CVE-2012-1820: Quagga versions 0.99.20.1 and earlier contain a bug in BGP OPEN message handling.
Program Impacted: bgpd: fix DoS in bgp_capability_orf()
A denial-of-service condition can be caused by an attacker controlling one of the pre-configured BGP peers. In most cases this means that the attack must originate from an adjacent network.
We are currently unaware of a practical solution to this problem.
Debian GNU/Linux Affected
Openwall GNU/*/Linux Not Affected
Conectiva Inc. Unknown
Cray Inc. Unknown
Engarde Secure Linux Unknown
Fedora Project Unknown
Gentoo Linux Unknown
Hewlett-Packard Company Unknown
IBM Corporation (zseries) Unknown
IBM eServer Unknown
Mandriva S. A. Unknown
MontaVista Software, Inc. Unknown
Novell, Inc. Unknown
Red Hat, Inc. Unknown
SUSE Linux Unknown
Slackware Linux Inc. Unknown
Sun Microsystems, Inc. Unknown
The SCO Group Unknown
Thanks to Denis Ovsienko for reporting this vulnerability.
This document was written by Michael Orlando.
Date First Published: 2012-06-04
Date Last Updated: 2012-06-11 14:04 UTC