Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that Quagga incorrectly parsed certain malformed
extended communities. A remote attacker could use this flaw to cause
Quagga to crash, resulting in a denial of service. (CVE-2010-1674)
It was discovered that Quagga resets BGP sessions when encountering
malformed AS_PATHLIMIT attributes. A remote attacker could use this
flaw to disrupt BGP sessions, resulting in a denial of service. This
update removes AS_PATHLIMIT support from Quagga. This issue only
affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-1675).
Update the affected quagga and / or quagga-doc packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true