Details of VAR-200312-0225

ID

VAR-200312-0225

CVE

CVE-2003-0858

TITLE

GNU Zebra Service operation disruption due to illegal messages (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2003-000344

DESCRIPTION

Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface

Trust: 1.89

sources: NVD: CVE-2003-0858 // JVNDB: JVNDB-2003-000344 // BID: 87768

AFFECTED PRODUCTS

vendor:	quagga	model:	routing software suite	scope:	lte	version:	0.95	Trust: 1.0
vendor:	gnu	model:	zebra	scope:	lte	version:	0.91	Trust: 1.0
vendor:	red hat	model:	linux	scope:	eq	version:	7.2	Trust: 0.8
vendor:	red hat	model:	linux	scope:	eq	version:	7.3	Trust: 0.8
vendor:	red hat	model:	linux	scope:	eq	version:	8.0	Trust: 0.8
vendor:	red hat	model:	linux	scope:	eq	version:	9	Trust: 0.8
vendor:	gnu	model:	zebra	scope:	eq	version:	0.91	Trust: 0.6
vendor:	quagga	model:	routing software suite	scope:	eq	version:	0.95	Trust: 0.3

sources: BID: 87768 // JVNDB: JVNDB-2003-000344 // CNNVD: CNNVD-200312-036 // NVD: CVE-2003-0858

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2003-0858
value:	LOW
Trust: 1.8
CNNVD:	CNNVD-200312-036
value:	LOW
Trust: 0.6

NVD:	CVE-2003-0858
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2003-000344 // CNNVD: CNNVD-200312-036 // NVD: CVE-2003-0858

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.0

sources: NVD: CVE-2003-0858

THREAT TYPE

local

Trust: 0.9

sources: BID: 87768 // CNNVD: CNNVD-200312-036

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200312-036

CONFIGURATIONS

sources: NVD: CVE-2003-0858

PATCH

title:	RHSA-2003:307	url:	https://rhn.redhat.com/errata/rhsa-2003-307.html	Trust: 0.8
title:	RHSA-2003:307	url:	http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-307j.html	Trust: 0.8

sources: JVNDB: JVNDB-2003-000344

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0858	Trust: 2.7
db:	SECUNIA	id:	10563	Trust: 1.6
db:	JVNDB	id:	JVNDB-2003-000344	Trust: 0.8
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:10169	Trust: 0.6
db:	REDHAT	id:	RHSA-2003:305	Trust: 0.6
db:	REDHAT	id:	RHSA-2003:307	Trust: 0.6
db:	REDHAT	id:	RHSA-2003:315	Trust: 0.6
db:	DEBIAN	id:	DSA-415	Trust: 0.6
db:	CNNVD	id:	CNNVD-200312-036	Trust: 0.6
db:	BID	id:	87768	Trust: 0.3

sources: BID: 87768 // JVNDB: JVNDB-2003-000344 // CNNVD: CNNVD-200312-036 // NVD: CVE-2003-0858

REFERENCES

url:	http://www.debian.org/security/2004/dsa-415	Trust: 1.9
url:	http://www.redhat.com/support/errata/rhsa-2003-305.html	Trust: 1.9
url:	http://www.redhat.com/support/errata/rhsa-2003-307.html	Trust: 1.9
url:	http://www.redhat.com/support/errata/rhsa-2003-315.html	Trust: 1.9
url:	http://secunia.com/advisories/10563	Trust: 1.6
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10169	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0858	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0858	Trust: 0.8
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:10169	Trust: 0.6

sources: BID: 87768 // JVNDB: JVNDB-2003-000344 // CNNVD: CNNVD-200312-036 // NVD: CVE-2003-0858

CREDITS

Unknown

Trust: 0.3

sources: BID: 87768

SOURCES

db:	BID	id:	87768
db:	JVNDB	id:	JVNDB-2003-000344
db:	CNNVD	id:	CNNVD-200312-036
db:	NVD	id:	CVE-2003-0858

LAST UPDATE DATE

2022-05-04T09:27:10.210000+00:00

SOURCES UPDATE DATE

db:	BID	id:	87768	date:	2003-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2003-000344	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200312-036	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0858	date:	2017-10-11T01:29:00

SOURCES RELEASE DATE

db:	BID	id:	87768	date:	2003-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2003-000344	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200312-036	date:	2003-12-15T00:00:00
db:	NVD	id:	CVE-2003-0858	date:	2003-12-15T05:00:00