CVE-2012-1820

Published: 13 June 2012

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.

Priority

Status

Package	Release	Status
quagga Launchpad, Ubuntu, Debian	Upstream	Needs triage






	Patches: Upstream: https://github.com/Quagga-RE/quagga-RE/commit/790d1e263e8800bc49d0038d481591ecb4e37b88 Vendor: http://www.debian.org/security/2012/dsa-2497

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1820
http://www.kb.cert.org/vuls/id/962587
https://usn.ubuntu.com/usn/usn-1605-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1820
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676510
https://bugs.launchpad.net/ubuntu/+source/quagga/+bug/1018052

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM