Submitted by Vincent (CVE) Danen on Fri, 09/18/2015 - 07:07
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).
CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message
Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter.
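The failure described above is an assertion firing while bgpd processes a malformed AS4 capability in an OPEN message. As an added example (not Quagga's code and not the upstream fix), the sketch below shows one way to parse the OPEN optional-parameters field as untrusted input, returning an error for malformed data instead of aborting. The function name, return codes and sample bytes are assumptions made for illustration; the wire layout follows RFC 5492 and RFC 6793.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BGP_OPT_CAPABILITY 2     /* optional parameter type, RFC 5492 */
#define BGP_CAP_AS4        65    /* four-octet AS capability code, RFC 6793 */
#define AS4_ABSENT         (-1)
#define AS4_MALFORMED      (-2)  /* caller sends NOTIFICATION and closes the session */

/* Constructed sample optional-parameter fields (not captured traffic). */
static const uint8_t OPT_GOOD[]      = {2, 6, 65, 4, 0x00, 0x01, 0x00, 0x00};
static const uint8_t OPT_SHORT_AS4[] = {2, 4, 65, 2, 0x00, 0x01};
static const uint8_t OPT_OVERRUN[]   = {2, 4, 65, 4, 0x00, 0x01};
static const uint8_t OPT_NO_AS4[]    = {2, 2, 2, 0};

/* Returns the AS number, AS4_ABSENT or AS4_MALFORMED. Every length octet is
 * checked against the bytes actually remaining before any value is read. */
int64_t bgp_open_find_as4(const uint8_t *opt, size_t opt_len)
{
    int64_t as4 = AS4_ABSENT;
    size_t p = 0;
    while (p < opt_len) {
        if (opt_len - p < 2) return AS4_MALFORMED;     /* truncated parameter header */
        uint8_t ptype = opt[p], plen = opt[p + 1];
        p += 2;
        if (plen > opt_len - p) return AS4_MALFORMED;  /* parameter overruns the field */
        size_t pend = p + plen;
        if (ptype != BGP_OPT_CAPABILITY) { p = pend; continue; }
        while (p < pend) {
            if (pend - p < 2) return AS4_MALFORMED;    /* truncated capability header */
            uint8_t code = opt[p], clen = opt[p + 1];
            p += 2;
            if (clen > pend - p) return AS4_MALFORMED; /* capability overruns parameter */
            if (code == BGP_CAP_AS4) {
                if (clen != 4) return AS4_MALFORMED;   /* AS4 value must be 4 octets */
                as4 = ((int64_t)opt[p] << 24) | (opt[p + 1] << 16)
                    | (opt[p + 2] << 8) | opt[p + 3];
            }
            p += clen;
        }
    }
    return as4;
}

int main(void)
{
    printf("good=%lld short=%lld\n",
           (long long)bgp_open_find_as4(OPT_GOOD, sizeof OPT_GOOD),
           (long long)bgp_open_find_as4(OPT_SHORT_AS4, sizeof OPT_SHORT_AS4));
    return 0;
}
```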
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (quagga) | RHSA-2012:1259 | 2012-09-12 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | quagga | Not affected |