- Home
- CVEs with nessus.description==Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon.
The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2010-2948 When processing a crafted Route Refresh message received from a configured, authenticated BGP neighbor, Quagga may crash, leading to a denial of service.
- CVE-2010-2949 When processing certain crafted AS paths, Quagga would crash with a NULL pointer dereference, leading to a denial of service. In some configurations, such crafted AS paths could be relayed by intermediate BGP routers.
In addition, this update contains a reliability fix: Quagga will no longer advertise confederation-related AS paths to non-confederation peers, and reject unexpected confederation-related AS paths by resetting the session with the BGP peer which is advertising them.
(Previously, such AS paths would trigger resets of unrelated BGP sessions.)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top