FreeBSD Ports: Quagga Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200 http://www.vuxml.org/freebsd/b2a40507-5c88-11e0-9e85-00215af774f0.html

Insight

The following package is affected: quagga CVE-2010-1674 The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. CVE-2010-1675 bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.

Severity

Classification

CVE CVE-2010-1674, CVE-2010-1675
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeBSD Ports: apr
FreeBSD Ports: cabextract
FreeBSD Ports: cgiwrap
FreeBSD Ports: asterisk10
FreeBSD Ports: bugzilla

FreeBSD Ports: quagga

Take action and discover your vulnerabilities