CVE-2012-0255

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

Details Source

Mitre

Public Date

2012-03-28 00:00:00

Impact

Low

Bugzilla

CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message

Bugzilla ID

802781

CVSS Status

verified

Base Score

2.90

Base Metrics

AV:A/AC:M/Au:N/C:N/I:N/A:P

Acknowledgements

Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (quagga) | RHSA-2012:1259 | 2012-09-12

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 5 | quagga | Not affected