FreeBSD : quagga -- several security issues (e15a22ce-f16f-446b-9ca7-6859350c2e75)
High Nessus Plugin ID 106859
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionQuagga reports :
The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid.
Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash.
The Quagga BGP daemon, bgpd, can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
The Quagga BGP daemon, bgpd, can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
The Quagga BGP daemon, bgpd, can enter an infinite loop if sent an invalid OPEN message by a configured peer.
SolutionUpdate the affected package.