The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
References
| Link | Resource |
|---|---|
| http://marc.info/?l=bugtraq&m=106883387304266&w=2 | |
| http://secunia.com/advisories/10563 | Vendor Advisory |
| http://www.debian.org/security/2004/dsa-415 | Patch Vendor Advisory |
| http://www.redhat.com/support/errata/RHSA-2003-305.html | Patch Vendor Advisory |
| http://www.redhat.com/support/errata/RHSA-2003-307.html | Patch Vendor Advisory |
| http://marc.info/?l=bugtraq&m=106883387304266&w=2 | |
| http://secunia.com/advisories/10563 | Vendor Advisory |
| http://www.debian.org/security/2004/dsa-415 | Patch Vendor Advisory |
| http://www.redhat.com/support/errata/RHSA-2003-305.html | Patch Vendor Advisory |
| http://www.redhat.com/support/errata/RHSA-2003-307.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:45
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://marc.info/?l=bugtraq&m=106883387304266&w=2 - | |
| References | () http://secunia.com/advisories/10563 - Vendor Advisory | |
| References | () http://www.debian.org/security/2004/dsa-415 - Patch, Vendor Advisory | |
| References | () http://www.redhat.com/support/errata/RHSA-2003-305.html - Patch, Vendor Advisory | |
| References | () http://www.redhat.com/support/errata/RHSA-2003-307.html - Patch, Vendor Advisory |
Information
Published : 2003-12-15 05:00
Updated : 2024-11-20 23:45
NVD link : CVE-2003-0795
Mitre link : CVE-2003-0795
CVE.ORG link : CVE-2003-0795
JSON object : View
Products Affected
gnu
- zebra
quagga
- quagga
sgi
- propack
CWE
CWE-20
Improper Input Validation