Background Print only logo
Cert logo
suomeksi | på svenska
Home Page | Advice | Reports | Activities |


P.O. Box 313
FI-00181 Helsinki
Phone: +358 295 390 230 (lnf/mcf)

PGP keys

Finnish Communications Regulatory Authority (FICORA):

Itämerenkatu 3 A
P. O. Box 313
Phone: +358 259 390 100 (lnf/mcf)

Detailed contact information

Home Page > Reports > 2011 > CERT-FI Advisory on Quagga

CERT-FI Advisory on Quagga

Target - servers and server applications

Access Vector - remote
- no user interaction required

Impact - denial of service
- potential code execution

Remediation - fix provided by vendor


Quagga is an open source routing software that can handle various routing protocols such as RIP, BGP and OSPF. Five vulnerabilities have been found in the BGP, OSPF and OSPFv3 components of Quagga. The vulnerabilities allow an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified packets to an affected server. Routing messages are typically accepted from the routing peers. Exploiting these vulnerabilities may require an established routing session (BGP peering or OSPF/OSPFv3 adjacency) to the router.

The vulnerability CVE-2011-3327 is related to the extended communities handling in BGP messages. Receiving a malformed BGP update can result in a buffer overflow and disruption of IPv4 routing.

The vulnerability CVE-2011-3326 results from the handling of LSA (Link State Advertisement) states in the OSPF service. Receiving a modified Link State Update message with malicious state information can result in denial of service in IPv4 routing.

The vulnerability CVE-2011-3325 is a denial of service vulnerability related to Hello message handling by the OSPF service. As Hello messages are used to initiate adjacencies, exploiting the vulnerability may be feasible from the same broadcast domain without an established adjacency. A malformed packet may result in denial of service in IPv4 routing.

The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving modified Database Description and Link State Update messages, respectively, can result in denial of service in IPv6 routing.

Vulnerability Coordination Information and Acknowledgements

The vulnerabilities were reported by Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project. CERT-FI would like to thank Codenomicon, the Quagga project and CERT/CC for co-operation in the remediation efforts.

Vendor Information

  • Quagga before version 0.99.19


Install either the latest version of Quagga ( or a fixed version of the software provided by your operating system or application vendor.

The vulnerabilities can be remediated by restricting network access to the routing daemon. Exploiting four of the vulnerabilities require established routing sessions or adjacencies.


Contact Information

CERT-FI Vulnerability Coordination can be contacted as follows:

Please quote the advisory reference [FICORA #539178] in the subject line

+358 9 6966 510
Monday - Friday 08:00 - 16:15 (EET: UTC+2)

Fax :
+358 9 6966 515

Vulnerability Coordination
P.O. Box 313
FI-00181 Helsinki

CERT-FI encourages those who wish to communicate via email to make use
of our PGP key. The key is available at

The CERT-FI vulnerability coordination policy can be viewed at

Revision History

26 Sept 2011, 14:00 UTC: Published
26 Oct 2011, 09:02 UTC: Added links to JPCERT and US-CERT advisories

Page updated 26.10.2011   Print version Print version