CVE-2012-1820

EUVD-2012-1830
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.9 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
quaggaquagga
𝑥
≤ 0.99.20.1
quaggaquagga
0.95
quaggaquagga
0.96
quaggaquagga
0.96.1
quaggaquagga
0.96.2
quaggaquagga
0.96.3
quaggaquagga
0.96.4
quaggaquagga
0.96.5
quaggaquagga
0.97.0
quaggaquagga
0.97.1
quaggaquagga
0.97.2
quaggaquagga
0.97.3
quaggaquagga
0.97.4
quaggaquagga
0.97.5
quaggaquagga
0.98.0
quaggaquagga
0.98.1
quaggaquagga
0.98.2
quaggaquagga
0.98.3
quaggaquagga
0.98.4
quaggaquagga
0.98.5
quaggaquagga
0.98.6
quaggaquagga
0.99.1
quaggaquagga
0.99.2
quaggaquagga
0.99.3
quaggaquagga
0.99.4
quaggaquagga
0.99.5
quaggaquagga
0.99.6
quaggaquagga
0.99.7
quaggaquagga
0.99.8
quaggaquagga
0.99.9
quaggaquagga
0.99.10
quaggaquagga
0.99.11
quaggaquagga
0.99.12
quaggaquagga
0.99.13
quaggaquagga
0.99.14
quaggaquagga
0.99.15
quaggaquagga
0.99.16
quaggaquagga
0.99.17
quaggaquagga
0.99.18
quaggaquagga
0.99.19
quaggaquagga
0.99.20
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
quagga
hardy
ignored
lucid
Fixed 0.99.20.1-0ubuntu0.10.04.3
released
natty
Fixed 0.99.20.1-0ubuntu0.11.04.3
released
oneiric
Fixed 0.99.20.1-0ubuntu0.11.10.3
released
precise
Fixed 0.99.20.1-0ubuntu0.12.04.3
released
References
http://rhn.redhat.com/errata/RHSA-2012-1259.html
http://secunia.com/advisories/50941
http://www.debian.org/security/2012/dsa-2497
http://www.kb.cert.org/vuls/id/962587
http://www.securityfocus.com/bid/53775
http://www.ubuntu.com/usn/USN-1605-1
http://rhn.redhat.com/errata/RHSA-2012-1259.html
http://secunia.com/advisories/50941
http://www.debian.org/security/2012/dsa-2497
http://www.kb.cert.org/vuls/id/962587
http://www.securityfocus.com/bid/53775
http://www.ubuntu.com/usn/USN-1605-1