Vigil@nce: Quagga, denials of service
July 2009 by Vigil@nce
Several denial of service were announced in Quagga.
Severity: 1/4
Consequences: denial of service of service
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 22/07/2009
IMPACTED PRODUCTS
– Quagga Routing Suite
DESCRIPTION OF THE VULNERABILITY
Several errors were announced in Quagga. Some of them can lead to
a denial of service.
A buffer overflow can occur in the bgp_clear_node_queue_init()
function of the bgp_route.c file. [grav:1/4]
Several errors lead to a crash in bgpd. [grav:1/4]
A memory leak of bgpd/bgp_filter.c can progressively lead to a
denial of service. [grav:1/4]
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8879
http://vigilance.fr/vulnerability/Quagga-denials-of-service-8879