FreeBSD : quagga -- BGP OPEN denial of service vulnerability (1e14d46f-af1f-11e1-b242-00215af774f0)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

CERT reports :

If a pre-configured BGP peer sends a specially crafted OPEN message
with a malformed ORF capability TLV, Quagga bgpd process will
erroneously try to consume extra bytes from the input packet buffer.
The process will detect a buffer overrun attempt before it happens and
immediately terminate with an error message. All BGP sessions
established by the attacked router will be closed and its BGP routing

See also :

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.9

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 59380 ()

Bugtraq ID:

CVE ID: CVE-2012-1820

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now