FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

quagga -- stack overflow and DoS vulnerabilities

Affected packages
quagga < 0.99.17

Details

VuXML ID 167953a4-b01c-11df-9a98-0015587e2cc1
Discovery 2010-08-24
Entry 2010-08-25

The Red Hat security team reported two vulnerabilities:

A stack buffer overflow flaw was found in the way Quagga's bgpd daemon processed Route-Refresh messages. A configured Border Gateway Protocol (BGP) peer could send a Route-Refresh message with specially-crafted Outbound Route Filtering (ORF) record, which would cause the master BGP daemon (bgpd) to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd.

A NULL pointer dereference flaw was found in the way Quagga's bgpd daemon parsed paths of autonomous systems (AS). A configured BGP peer could send a BGP update AS path request with unknown AS type, which could lead to denial of service (bgpd daemon crash).

References

URL http://www.openwall.com/lists/oss-security/2010/08/24/3
URL http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100