Debian Security Advisory DSA 2497-1 (quagga) Network Vulnerability

Summary

The remote host is missing an update to quagga announced via advisory DSA 2497-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202497-1

Insight

It was discovered that Quagga, a routing daemon, contains a vulnerability in processing the ORF capability in BGP OPEN messages. A malformed OPEN message from a previously configured BGP peer could cause bgpd to crash, causing a denial of service. For the stable distribution (squeeze), this problem has been fixed in version 0.99.20.1-0+squeeze3. For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 0.99.21-3. We recommend that you upgrade your quagga packages.

Severity

Classification

CVE CVE-2012-1820
CVSS Base Score: 2.9
AV:A/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1003-1 (xpvm)
Debian Security Advisory DSA 1517-1 (ldapscripts)
Debian Security Advisory DSA 2730-1 (gnupg - information leak)
Debian Security Advisory DSA 2411-1 (mumble)
Debian Security Advisory DSA 1531-2 (policyd-weight)

Take action and discover your vulnerabilities