Rapid7 Vulnerability & Exploit Database

RHSA-2011:0406: quagga security update

Back to Search

RHSA-2011:0406: quagga security update

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
03/29/2011
Created
07/25/2018
Added
04/14/2011
Modified
07/04/2017

Description

Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemonimplements the BGP (Border Gateway Protocol) routing protocol.A denial of service flaw was found in the way the Quagga bgpd daemonprocessed certain route metrics information. A BGP message with aspecially-crafted path limit attribute would cause the bgpd daemon to resetits session with the peer through which this message was received.(CVE-2010-1675)A NULL pointer dereference flaw was found in the way the Quagga bgpd daemonprocessed malformed route extended communities attributes. A configured BGPpeer could crash bgpd on a target system via a specially-crafted BGPmessage. (CVE-2010-1674)Users of quagga should upgrade to these updated packages, which containbackported patches to correct these issues. After installing the updatedpackages, the bgpd daemon must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-quagga
  • redhat-upgrade-quagga-contrib
  • redhat-upgrade-quagga-debuginfo
  • redhat-upgrade-quagga-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;