[quagga-users 12177] Re: Quagga 0.99.18 Released (addressing CVE-2010-1674)

Florian Weimer fweimer at bfk.de
Tue Mar 22 09:16:53 GMT 2011


* Paul Jakma:

> This release fixes 2 denial of services in bgpd, which can be remotely
> triggered by malformed AS-Pathlimit or Extended-Community
> attributes. These issues have been assigned CVE-2010-1674. Support for
> AS-Pathlimit has been removed with this release.

Thanks. 8-)

Note that the latter (the AS_PATHLIMIT removal) addresses
CVE-2010-1675.  CVE-2010-1674 is restricted to the Extended Community
parse problem.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99


More information about the Quagga-users mailing list