Summary
This host has Quagga for Linux installed and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation lets an attacker crash the daemon by advertising specially crafted AS paths, causing a denial of service.
Impact level: Application
Solution
Apply the security update with the patch 0.99.10-1lenny2 for stable versions.
Apply the security update with the patch 0.99.11-2 for unstable versions.
http://www.debian.org/security/2009/dsa-1788
*****
NOTE: Please ignore the warning if the patch has already been applied.
*****
Insight
This flaw is due to an assertion error in the BGP daemon when it handles an AS path containing multiple 4-byte AS numbers.
Affected
Quagga version 0.99.11 and prior
Severity
Classification
CVE: CVE-2009-1572
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P