The vty layer in Quagga prior to 0.96.4, and Zebra 0.93b and previous versions, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote malicious users to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu zebra 0.92a |
||
gnu zebra 0.93a |
||
quagga quagga |
||
quagga quagga 0.95 |
||
sgi propack 2.3 |
||
quagga quagga 0.96.2 |
||
gnu zebra 0.93b |
||
sgi propack 2.2.1 |
||
gnu zebra 0.91a |
||
quagga quagga 0.96.1 |
||
quagga quagga 0.96 |