Five vulnerabilities have been found in the BGP, OSPF, and
OSPFv3 components of Quagga. The vulnerabilities allow an
attacker to cause a denial of service or potentially to
execute his own code by sending specially modified packets
to an affected server. Routing messages are typically accepted
from the routing peers. Exploiting these vulnerabilities may
require an established routing session (BGP peering or
OSPF/OSPFv3 adjacency) to the router.

The vulnerability CVE-2011-3327
is related to the extended communities handling in BGP
messages. Receiving a malformed BGP update can result
in a buffer overflow and disruption of IPv4 routing.

The vulnerability CVE-2011-3326
results from the handling of LSA (Link State Advertisement)
states in the OSPF service. Receiving a modified Link State
Update message with malicious state information can result in
denial of service in IPv4 routing.

The vulnerability CVE-2011-3325
is a denial of service vulnerability related to Hello message
handling by the OSPF service. As Hello messages are used to
initiate adjacencies, exploiting the vulnerability may be
feasible from the same broadcast domain without an established
adjacency. A malformed packet may result in denial of service
in IPv4 routing.

The vulnerabilities CVE-2011-3324
and CVE-2011-3323
are related to the IPv6 routing protocol (OSPFv3) implemented
in the ospf6d daemon. Receiving modified Database Description and
Link State Update messages, respectively, can result in denial
of service in IPv6 routing.