ID CVE-2012-1820
Summary The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
References
Vulnerable Configurations
  • cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.18:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.19:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.20:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.20:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:-:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:-:*:*:*:*:*:*:*
  • cpe:2.3:a:quagga:quagga:0.99.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:quagga:quagga:0.99.20.1:*:*:*:*:*:*:*
CVSS
Base: 2.9 (as of 02-03-2013 - 04:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:A/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 817580
title CVE-2012-1820 quagga (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment quagga is earlier than 0:0.99.15-7.el6_3.2
          oval oval:com.redhat.rhsa:tst:20121259001
        • comment quagga is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100945002
      • AND
        • comment quagga-contrib is earlier than 0:0.99.15-7.el6_3.2
          oval oval:com.redhat.rhsa:tst:20121259003
        • comment quagga-contrib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100945004
      • AND
        • comment quagga-devel is earlier than 0:0.99.15-7.el6_3.2
          oval oval:com.redhat.rhsa:tst:20121259005
        • comment quagga-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100945006
rhsa
id RHSA-2012:1259
released 2012-09-12
severity Moderate
title RHSA-2012:1259: quagga security update (Moderate)
rpms
  • quagga-0:0.99.15-7.el6_3.2
  • quagga-contrib-0:0.99.15-7.el6_3.2
  • quagga-debuginfo-0:0.99.15-7.el6_3.2
  • quagga-devel-0:0.99.15-7.el6_3.2
refmap via4
bid 53775
cert-vn VU#962587
debian DSA-2497
secunia 50941
ubuntu USN-1605-1
Last major update 02-03-2013 - 04:40
Published 13-06-2012 - 15:55
Last modified 02-03-2013 - 04:40
Back to Top