CVE-2010-2949
CVE-2010-2949
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=cddb8112b80fa9867156c637d63e6e79eeac67bbhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=626795http://secunia.com/advisories/41038http://secunia.com/advisories/41238http://secunia.com/advisories/42397http://secunia.com/advisories/42446http://secunia.com/advisories/42498http://secunia.com/advisories/48106http://security.gentoo.org/glsa/glsa-201202-02.xmlhttp://www.debian.org/security/2010/dsa-2104