CVE-2003-0795

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
15/12/2003
Last modified:
03/04/2025

Description

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:*
cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:*
cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:*
cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:* 0.96.3 (including)
cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*