Red Hat Bugzilla – Bug 626795
CVE-2010-2949 Quagga (bgpd): DoS (crash) while processing certain BGP update AS path messages
Last modified: 2015-11-24 09:35:23 EST
A NULL pointer dereference flaw was found in the way Quagga's bgpd daemon
parsed paths of autonomous systems (AS). A configured BGP peer could send
a BGP update AS path request with an unknown AS type, which could lead to
denial of service (bgpd daemon crash).
This issue did NOT affect the versions of the quagga package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.
This issue affects the versions of the quagga package, as shipped
with Fedora releases 12 and 13.
Created quagga tracking bugs for this issue
Affects: fedora-all [bug 628981]
Not vulnerable. This issue did not affect the versions of the quagga
package as shipped with Red Hat Enterprise Linux 3, 4, or 5, as
these versions do not support 4 byte AS numbers (AS4 support) yet.
Comment #13 => VERIFIED
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2010:0945 https://rhn.redhat.com/errata/RHSA-2010-0945.html
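
An added illustration (not Quagga's code and not part of the original bug report) of the defensive pattern this class of flaw calls for: an AS_PATH segment walker that returns an explicit error for an unrecognized segment type, so the caller never continues with a null path object. It assumes the "unknown AS type" in the description refers to the segment type octet of the AS_PATH attribute; `aspath_check`, its error codes and the sample byte strings are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* AS_PATH segment type codes (RFC 4271, RFC 5065). */
enum { AS_SET = 1, AS_SEQUENCE = 2, AS_CONFED_SEQUENCE = 3, AS_CONFED_SET = 4 };

enum { ASPATH_OK = 0, ASPATH_ERR_TRUNCATED = -1,
       ASPATH_ERR_UNKNOWN_TYPE = -2, ASPATH_ERR_ARG = -3 };

/* Hypothetical helper: walk the segments of an AS_PATH attribute value and
 * return an explicit status. asn_size is 2, or 4 when AS4 is in use.
 * On success *hops receives the total number of AS numbers seen. */
int aspath_check(const uint8_t *buf, size_t len, size_t asn_size, size_t *hops)
{
    size_t off = 0, total = 0;

    if (buf == NULL || hops == NULL || (asn_size != 2 && asn_size != 4))
        return ASPATH_ERR_ARG;

    while (off < len) {
        if (len - off < 2)                  /* need type + count octets */
            return ASPATH_ERR_TRUNCATED;
        uint8_t type = buf[off], count = buf[off + 1];
        off += 2;

        /* Reject explicitly; do not fall through with a half-built path. */
        if (type < AS_SET || type > AS_CONFED_SET)
            return ASPATH_ERR_UNKNOWN_TYPE;

        if ((len - off) / asn_size < count) /* body must fit in the attribute */
            return ASPATH_ERR_TRUNCATED;
        off += (size_t)count * asn_size;
        total += count;
    }
    *hops = total;
    return ASPATH_OK;
}

/* Constructed samples: an AS_SEQUENCE of 4-byte AS 65001, 65002, and a
 * segment whose type octet (9) is not one of the four defined types. */
static const uint8_t sample_ok[]  = { 2, 2, 0, 0, 0xFD, 0xE9, 0, 0, 0xFD, 0xEA };
static const uint8_t sample_bad[] = { 9, 1, 0, 0, 0xFD, 0xE9 };

int main(void)
{
    size_t hops = 0;
    printf("ok=%d\n", aspath_check(sample_ok, sizeof sample_ok, 4, &hops));
    printf("bad=%d\n", aspath_check(sample_bad, sizeof sample_bad, 4, &hops));
    return 0;
}
```

A caller would treat any non-zero status as a malformed attribute and handle the UPDATE accordingly, rather than testing a returned pointer that could also be null for a legitimately empty path.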