Quagga / Zebra Malformed Telnet Command Denial of Service

This script is copyright (C) 2003-2014 Matt North

Synopsis :

The remote routing daemon is prone to a denial of service attack.

Description :

A remote denial of service vulnerability exists in Zebra and Quagga
that can be triggered by sending a telnet option delimiter with no
actual option data, which causes the daemon to attempt to dereference
a typically NULL pointer and crash.

This affects all versions from 0.90a to 0.93b.

See also :


Solution :

If using Quagga, upgrade to version 0.96.4 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 11925 ()

Bugtraq ID: 9029

CVE ID: CVE-2003-0795