CVE-2003-0795

MEDIUM

Description

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

References

http://marc.info/?l=bugtraq&m=106883387304266&w=2

http://secunia.com/advisories/10563

http://www.debian.org/security/2004/dsa-415

http://www.redhat.com/support/errata/RHSA-2003-305.html

http://www.redhat.com/support/errata/RHSA-2003-307.html

Details

Source: MITRE

Published: 2003-12-15

Updated: 2016-10-18

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 59786 | Quagga < 0.96.4 Zebra Denial of Service Vulnerability | Nessus | Misc. | medium |
| 15252 | Debian DSA-415-1 : zebra - denial of service | Nessus | Debian Local Security Checks | medium |
| 12427 | RHEL 2.1 : zebra (RHSA-2003:305) | Nessus | Red Hat Local Security Checks | medium |
| 11925 | Quagga / Zebra Malformed Telnet Command Denial of Service | Nessus | Denial of Service | medium |