Published: 15/12/2003 Updated: 18/10/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The vty layer in Quagga prior to 0.96.4, and Zebra 0.93b and previous versions, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote malicious users to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu zebra 0.92a
gnu zebra 0.93a
quagga quagga
quagga quagga 0.95
sgi propack 2.3
quagga quagga 0.96.2
gnu zebra 0.93b
sgi propack 2.2.1
gnu zebra 0.91a
quagga quagga 0.96.1
quagga quagga 0.96

source: wwwsecurityfocuscom/bid/9029/info It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a passwor ...

CWE-20 http://www.redhat.com/support/errata/RHSA-2003-305.html http://www.redhat.com/support/errata/RHSA-2003-307.html http://www.debian.org/security/2004/dsa-415 http://secunia.com/advisories/10563 http://marc.info/?l=bugtraq&m=106883387304266&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/23375/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-0795

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect