CVE-2003-0795

MEDIUM

Description

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

References

http://marc.info/?l=bugtraq&m=106883387304266&w=2

http://secunia.com/advisories/10563

http://www.debian.org/security/2004/dsa-415

http://www.redhat.com/support/errata/RHSA-2003-305.html

http://www.redhat.com/support/errata/RHSA-2003-307.html

Details

Source: MITRE

Published: 2003-12-15

Updated: 2016-10-18

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 59786 | Quagga < 0.96.4 Zebra Denial of Service Vulnerability | Nessus | Misc. | medium |
| 15252 | Debian DSA-415-1 : zebra - denial of service | Nessus | Debian Local Security Checks | medium |
| 12427 | RHEL 2.1 : zebra (RHSA-2003:305) | Nessus | Red Hat Local Security Checks | medium |
| 11925 | Quagga / Zebra Malformed Telnet Command Denial of Service | Nessus | Denial of Service | medium |