Gentoo Linux Security Advisory 201310-8 - Multiple vulnerabilities have been found in Quagga, the worst of which could lead to arbitrary code execution. Versions less than 0.99.22.4 are affected.
ba9ca5c17e84ebeec9337e6ffbaa556d3fbe8194187caaf3a58902d40d14f254
Red Hat Security Advisory 2012-1259-01 - Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially-crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user running bgpd. The UPDATE message would have to arrive from an explicitly configured BGP peer, but could have originated elsewhere in the BGP network.
37b20bb55b5cac2a78ef3d512a2dcd040a9fa6e30e2802150f11501eda2c1742
Ubuntu Security Notice 1441-1 - It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.
5d00061ebbf37190e2a234ed2e926b9591981ccaf98e5bc04f27356da0113e72
Debian Linux Security Advisory 2459-1 - Several vulnerabilities have been discovered in Quagga, a routing daemon.
c4367fc9a6c58c5c50a49bebc2fb4c7a2ab096bdd87ada9269d127b16eeae4ba