PublicDate: 2007-09-12 10:17:00 UTC
Candidate: CVE-2007-4826
References:
 https://ubuntu.com/security/notices/USN-512-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4826
Description:
 bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to
 cause a denial of service (crash) via a malformed (1) OPEN message or (2) a
 COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE:
 vector 2 only exists when debugging is enabled.
Ubuntu-Description:
Notes:
 kees> only vulnerable to configured upstream peers
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
upstream_quagga: released (0.99.9)
dapper_quagga: released (0.99.2-1ubuntu3.3)
edgy_quagga: released (0.99.4-4ubuntu1.2)
feisty_quagga: released (0.99.6-2ubuntu3.2)
devel_quagga: not-affected