CVE-2003-0795
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
15/12/2003
Last modified:
03/04/2025
Description
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:* | ||
cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:* | ||
cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:* | 0.96.3 (including) | |
cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:* | ||
cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:* | ||
cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=106883387304266&w=2
- http://secunia.com/advisories/10563
- http://www.debian.org/security/2004/dsa-415
- http://www.redhat.com/support/errata/RHSA-2003-305.html
- http://www.redhat.com/support/errata/RHSA-2003-307.html
- http://marc.info/?l=bugtraq&m=106883387304266&w=2
- http://secunia.com/advisories/10563
- http://www.debian.org/security/2004/dsa-415
- http://www.redhat.com/support/errata/RHSA-2003-305.html
- http://www.redhat.com/support/errata/RHSA-2003-307.html