vulnerability announce CVE-2012-1820
Quagga: denial of service via ORF
Synthesis of the vulnerability
A malicious peer can send a BGP OPEN message with a malformed ORF capability, in order to generate a denial of service in Quagga.Impacted products:
Debian, Fedora, MBS, Solaris, Quagga, RHEL, SUSE Linux Enterprise Desktop, SLES.
BID-53775, CVE-2012-1820, DSA-2497-1, FEDORA-2012-9103, FEDORA-2012-9116, FEDORA-2012-9117, MDVSA-2013:122, RHSA-2012:1259-01, SUSE-SU-2012:0706-1, VIGILANCE-VUL-11672, VU#962587.
Description of the vulnerability
The BGP ORF (Outbound Route Filtering, RFC 5291) feature can be used to send to a peer a list of filters to apply on routes, in order to block them upstream.
The BGP OPEN message is used when the session with a peer is initialized. This message can contain capabilities indicating supported features (RFC 5492).
The capability 3 indicates that ORF is supported, and contains one AFI/SAFI (Address Family Identifier, Subsequent Address Family Identifier) block.
However, when the BGP OPEN message has an ORF capability with several blocks, the bgp_capability_orf_entry() function does not correctly process the size of data. The Quagga daemon then tries to read at an invalid memory address.
A malicious peer can therefore send a BGP OPEN message with a malformed ORF capability, in order to generate a denial of service in Quagga.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides system vulnerability analysis
. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.