Quagga, a routing software suite, contains a BGP OPEN vulnerability that result in a denial-of-service condition.
CVE-2012-1820: Quagga version 0.99.20.1 and before contains a bug in BGP OPEN message handling.
Program Impacted: bgpd: fix DoS in bgp_capability_orf()
A denial-of-service condition can be caused by an attacker controlling one of the pre-configured BGP peers. In most cases this means, that the attack must be originated from an adjacent network.
We are currently unaware of a practical solution to this problem.
Engarde Secure Linux
IBM Corporation (zseries)
Mandriva S. A.
MontaVista Software, Inc.
Red Hat, Inc.
Slackware Linux Inc.
Sun Microsystems, Inc.
The SCO Group
Thanks to Denis Ovsienko for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2012-06-04|
|Date Last Updated:||2012-06-11 14:04 UTC|