Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2012-1820

Published: 13 June 2012

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.

Priority

Medium

Status

Package Release Status
quagga
Launchpad, Ubuntu, Debian 		hardy Ignored
(end of life)
lucid
Released (0.99.20.1-0ubuntu0.10.04.3)
natty
Released (0.99.20.1-0ubuntu0.11.04.3)
oneiric
Released (0.99.20.1-0ubuntu0.11.10.3)
precise
Released (0.99.20.1-0ubuntu0.12.04.3)
upstream Needs triage

Patches:
upstream: https://github.com/Quagga-RE/quagga-RE/commit/790d1e263e8800bc49d0038d481591ecb4e37b88
vendor: http://www.debian.org/security/2012/dsa-2497

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading