FreeBSD : quagga -- stack overflow and DoS vulnerabilities (167953a4-b01c-11df-9a98-0015587e2cc1)

High Nessus Plugin ID 48749


The remote FreeBSD host is missing a security-related update.


The Red Hat security team reported two vulnerabilities :

A stack-based buffer overflow flaw was found in the way Quagga's bgpd daemon processed Route-Refresh messages. A configured Border Gateway Protocol (BGP) peer could send a Route-Refresh message with specially crafted Outbound Route Filtering (ORF) record, which would cause the master BGP daemon (bgpd) to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd.

A NULL pointer dereference flaw was found in the way Quagga's bgpd daemon parsed paths of autonomous systems (AS). A configured BGP peer could send a BGP update AS path request with unknown AS type, which could lead to denial of service (bgpd daemon crash).


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 48749

File Name: freebsd_pkg_167953a4b01c11df9a980015587e2cc1.nasl

Version: $Revision: 1.9 $

Type: local

Published: 2010/08/26

Modified: 2014/08/16

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:quagga, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2010/08/25

Vulnerability Publication Date: 2010/08/24