News
- 2007-04-08: Security: DoS in bgpd if configured peer sends crafted packet
The bgpd daemon is vulnerable to a Denial-of-Service. Configured peers may cause a Quagga bgpd to, typically, assert() and abort. The DoS may be triggered by peers by sending an UPDATE message with a crafted, malformed Multi-Protocol reachable/unreachable NLRI attribute. Further details, and a proposed fix for Quagga 0.99 are available in Bug #354.
