Red Hat Enterprise Linux quagga Remote Denial of Service Vulnerability

Release date:
Updated on:

Affected Systems:
RedHat Enterprise Linux Server Optional 6
RedHat Enterprise Linux Workstation Optional 6
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2010-1674, CVE-2010-1675

Quagga is a TCP/IP-based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol.

The bgpd daemon of Quagga has a denial-of-service vulnerability in processing certain route measurement information. BGP messages with special path restriction attributes can cause the bgpd program to reset its session with the peer that receives the message. The Quagga bgpd daemon has the NULL pointer reference vulnerability when processing malformed routing extended community attributes. The configured BGP peer can cause bgpd to crash on the target system through specially crafted BGP messages.

<* Link: https://rhn.redhat.com/errata/RHSA-2011-0406.html

*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

RedHat
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.redhat.com/apps/support/errata/index.html