Quagga < 0.99.17 BGPD Multiple Vulnerabilities
High Nessus Plugin ID 59788
Synopsis
The remote service may be affected by multiple vulnerabilities.
Description
According to its self-reported version number, the installation of Quagga's BGPD listening on the remote host is affected by multiple vulnerabilities:
- A stack-based buffer overflow vulnerability can be triggered by a specially crafted BGP ROUTE-REFRESH message with a malformed Outbound Route Filtering record sent by a pre-configured peer. (CVE-2010-2948)
- A denial of service vulnerability in BGPD can be triggered by a specially crafted UPDATE message with an unknown AS type in an AS path attribute.
Solution
Upgrade to version 0.99.17 or later.