How to Buy
This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated zebra packages that close a locally-exploitable and a
remotely-exploitable denial of service vulnerability are now
Zebra an open source implementation of TCP/IP routing software.
Jonny Robertson reported that Zebra can be remotely crashed if a Zebra
password has been enabled and a remote attacker can connect to the
Zebra telnet management port. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2003-0795 to this
Herbert Xu reported that Zebra can accept spoofed messages sent on the
kernel netlink interface by other users on the local machine. This
could lead to a local denial of service attack. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2003-0858 to this issue.
Users of Zebra should upgrade to these erratum packages, which contain
a patch preventing Zebra from crashing when it receives a telnet
option delimiter without any option data, and a patch that checks that
netlink messages actually came from the kernel.
See also :
Update the affected zebra package.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12427 ()
CVE ID: CVE-2003-0795CVE-2003-0858
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.