SB2012070320 - Input validation error in quagga (Alpine package)
Published: July 3, 2012
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2012-1820)
The vulnerability allows a remote unauthenticated attacker to cause a denial of service.
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
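Added example (not Quagga's code or its patch): a strict validator for the ORF capability value, laid out as in RFC 5291, that returns an error for malformed input so the caller can reject the OPEN message instead of reaching an assertion. The function name, error codes and sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative names; layout follows the ORF capability value in RFC 5291. */
enum { ORF_TRUNCATED = -1, ORF_BAD_LENGTH = -2, ORF_BAD_MODE = -3 };
#define ORF_HDR_LEN   5 /* AFI(2) + Reserved(1) + SAFI(1) + Number of ORFs(1) */
#define ORF_ENTRY_LEN 2 /* ORF Type(1) + Send/Receive(1) */

/* Returns the number of AFI/SAFI blocks, or a negative error code.
 * Every read is bounded by the capability length taken from the TLV header. */
int orf_cap_validate(const uint8_t *val, size_t len)
{
    size_t off = 0;
    int blocks = 0;

    if (len == 0)
        return ORF_TRUNCATED;
    while (off < len) {
        if (len - off < ORF_HDR_LEN)
            return ORF_TRUNCATED;           /* header does not fit */
        size_t n = val[off + 4];            /* peer-controlled entry count */
        off += ORF_HDR_LEN;
        if ((len - off) / ORF_ENTRY_LEN < n)
            return ORF_BAD_LENGTH;          /* count exceeds remaining bytes */
        for (size_t i = 0; i < n; i++) {
            uint8_t mode = val[off + i * ORF_ENTRY_LEN + 1];
            if (mode < 1 || mode > 3)       /* 1=receive, 2=send, 3=both */
                return ORF_BAD_MODE;
        }
        off += n * ORF_ENTRY_LEN;
        blocks++;
    }
    return blocks;
}

/* Constructed sample capability values (not captured traffic). */
static const uint8_t cap_ok[]    = {0x00, 0x01, 0x00, 0x01, 0x01, 0x40, 0x03};
static const uint8_t cap_count[] = {0x00, 0x01, 0x00, 0x01, 0x05, 0x40, 0x03};
static const uint8_t cap_short[] = {0x00, 0x01, 0x00};
static const uint8_t cap_mode[]  = {0x00, 0x01, 0x00, 0x01, 0x01, 0x40, 0x00};

int main(void)
{
    printf("ok=%d count=%d short=%d mode=%d\n",
           orf_cap_validate(cap_ok, sizeof cap_ok),
           orf_cap_validate(cap_count, sizeof cap_count),
           orf_cap_validate(cap_short, sizeof cap_short),
           orf_cap_validate(cap_mode, sizeof cap_mode));
    return 0;
}
```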
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=f190c78b47866318407b91618adb341d02468e1c
- https://git.alpinelinux.org/aports/commit/?id=6f372d09f35b431b423f929da01f6240b29da3fc
- https://git.alpinelinux.org/aports/commit/?id=7c13136e9c28506f29172b55b88f58146548e4d0
- https://git.alpinelinux.org/aports/commit/?id=f9f3c2397c005d343f8d3b71cc2d763f4ddb37be