CVE-2007-4826

Publication date 12 September 2007

Last updated 24 July 2024

Ubuntu priority

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
quagga	7.04 feisty	Fixed 0.99.6-2ubuntu3.2
	6.10 edgy	Fixed 0.99.4-4ubuntu1.2
	6.06 LTS dapper	Fixed 0.99.2-1ubuntu3.3

How can I get the fixes?
What do statuses mean?

Notes

kees

only vulnerable to configured upstream peers

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-512-1
Quagga vulnerability
15 September 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-4826