Quagga: Denial of Service — GLSA 200705-05

A vulnerability has been discovered in Quagga allowing for a Denial of Service.

Affected Packages

net-misc/quagga on all architectures
Affected versions < 0.98.6-r2
Unaffected versions >= 0.98.6-r2

Background

Quagga is a free routing daemon, supporting RIP, OSPF and BGP protocols.

Description

The Quagga development team reported a vulnerability in the BGP routing daemon when processing NLRI attributes inside UPDATE messages.

Impact

A malicious peer inside a BGP area could send a specially crafted packet to a Quagga instance, possibly resulting in a crash of the Quagga daemon.

Workaround

There is no known workaround at this time.

Resolution

All Quagga users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r2"

References

Release Date
May 02, 2007

Latest Revision
May 02, 2007: 01

Severity
normal

Exploitable
remote

Bugzilla entries