Red Hat Bugzilla – Bug 654614
CVE-2010-1675 quagga: BGP session reset by processing BGP Update message with malformed AS-path attributes
Last modified: 2015-11-24 09:37:09 EST
A security flaw was found in the way Quagga bgpd daemon
processed certain route metrics information. A configured BGP peer
could use this flaw to send a BGP message with specially-crafted
value of AS-path attribute, which would cause the bgpd daemon on
all systems on the route the message travels to reset the BGP session.
This issue did NOT affect the versions of the quagga package,
as shipped with Red Hat Enterprise Linux 4 and 5, as they
did not include support for AS-Pathlimit feature yet.
This issue affects the version of the quagga package, as shipped
with Red Hat Enterprise Linux 6.
This issue affects the versions of the quagga package, as shipped
with Fedora release of 13 and 14.
Updated upstream version, addressing this:
Created quagga tracking bugs for this issue
Affects: fedora-all [bug 689852]
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0406 https://rhn.redhat.com/errata/RHSA-2011-0406.html