Quagga < 0.99.20.1 Multiple Vulnerabilities
Medium Nessus Plugin ID 59791
Synopsis
The remote service may be affected by multiple vulnerabilities.
Description
According to its self-reported version number, the installation of Quagga listening on the remote host is affected by multiple vulnerabilities:
- A buffer overflow vulnerability exists in OSPFD that can be triggered by a specially crafted Link Status Update message that is smaller than the length specified in its header, leading to denial of service.
- A buffer overflow vulnerability exists in OSPFD that can be triggered by a specially crafted Link Status Update message containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field, leading to denial of service. (CVE-2012-0250)
- A denial of service vulnerability exists in BGPD that can be triggered by a specially crafted OPEN message with a malformed four-octet AS Number Capability.
Solution
Upgrade to version 0.99.20.1 or later.