Launchpad.net

CVE 2012-0255

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

Related bugs and status

CVE-2012-0255 (Candidate) is related to these bugs:

Bug #994169: quagga security update tracking bug

		In	Importance	Status
994169	quagga security update tracking bug	quagga (Ubuntu)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Lucid)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Natty)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Oneiric)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Quantal)	Medium	Fix Released
994169	quagga security update tracking bug	quagga (Ubuntu Precise)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CERT-VN: VU#551715
FEDORA: FEDORA-2012-5352
FEDORA: FEDORA-2012-5411
FEDORA: FEDORA-2012-5436
REDHAT: RHSA-2012:1259
SECUNIA: 48949
DEBIAN: DSA-2459