CVE-2012-1820

Publication date 13 June 2012

Last updated 24 July 2024

Ubuntu priority

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
quagga	12.04 LTS precise	Fixed 0.99.20.1-0ubuntu0.12.04.3
	11.10 oneiric	Fixed 0.99.20.1-0ubuntu0.11.10.3
	11.04 natty	Fixed 0.99.20.1-0ubuntu0.11.04.3
	10.04 LTS lucid	Fixed 0.99.20.1-0ubuntu0.10.04.3
	8.04 LTS hardy	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
quagga	Upstream: 790d1e2 Vendor: http://www.debian.org/security/2012/dsa-2497

References

Related Ubuntu Security Notices (USN)

USN-1605-1
Quagga vulnerability
11 October 2012

CVE-2012-1820

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references