Sign-up

ID

VAR-200312-0227


CVE

CVE-2003-0795


TITLE

GNU Zebra Undefined in Telnet Service operation disruption due to connection options (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2003-000343

DESCRIPTION

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. GNU Zebra A password is set, and zebra If the connection to the module's management port is valid: telnet Sending an undefined code that does not exist as an option when connecting will cause a segmentation violation, zebra A vulnerability exists that causes the daemon to crash.zebra Daemon interferes with service operation (DoS) It may be in a state. It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer. All versions of GNU Zebra are said to be vulnerable to this issue. All versions of Quagga prior to 0.96.4 are also vulnerable

Trust: 1.89

sources: NVD: CVE-2003-0795 // JVNDB: JVNDB-2003-000343 // BID: 9029

AFFECTED PRODUCTS

vendor:quaggamodel:quaggascope:eqversion:0.96

Trust: 1.6

vendor:quaggamodel:quaggascope:eqversion:0.95

Trust: 1.6

vendor:sgimodel:propackscope:eqversion:2.3

Trust: 1.3

vendor:sgimodel:propackscope:eqversion:2.2.1

Trust: 1.3

vendor:gnumodel:zebrascope:eqversion:0.92a

Trust: 1.0

vendor:gnumodel:zebrascope:eqversion:0.91a

Trust: 1.0

vendor:quaggamodel:quaggascope:lteversion:0.96.3

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.96.2

Trust: 1.0

vendor:quaggamodel:quaggascope:eqversion:0.96.1

Trust: 1.0

vendor:gnumodel:zebrascope:eqversion:0.93a

Trust: 1.0

vendor:gnumodel:zebrascope:eqversion:0.93b

Trust: 1.0

vendor:red hatmodel:linuxscope:eqversion:7.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.3

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:8.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:9

Trust: 0.8

vendor:quaggamodel:quaggascope:eqversion:0.96.3

Trust: 0.6

vendor:quaggamodel:routing software suitescope:eqversion:0.96.3

Trust: 0.3

vendor:quaggamodel:routing software suitescope:eqversion:0.96.2

Trust: 0.3

vendor:gnumodel:zebra bscope:eqversion:0.93

Trust: 0.3

vendor:gnumodel:zebra ascope:eqversion:0.93

Trust: 0.3

vendor:gnumodel:zebra ascope:eqversion:0.92

Trust: 0.3

vendor:gnumodel:zebra ascope:eqversion:0.91

Trust: 0.3

vendor:quaggamodel:routing software suitescope:neversion:0.96.4

Trust: 0.3

sources: BID: 9029 // JVNDB: JVNDB-2003-000343 // CNNVD: CNNVD-200312-062 // NVD: CVE-2003-0795

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2003-0795
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-200312-062
value: MEDIUM

Trust: 0.6

NVD: CVE-2003-0795
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2003-000343 // CNNVD: CNNVD-200312-062 // NVD: CVE-2003-0795

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2003-0795

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-062

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200312-062

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2003-0795

PATCH
title:RHSA-2003:307url:https://rhn.redhat.com/errata/rhsa-2003-307.html
Trust: 0.8
title:RHSA-2003:307url:http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-307j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2003-000343

EXTERNAL IDS
db:NVDid:CVE-2003-0795
Trust: 2.7
db:SECUNIAid:10563
Trust: 1.6
db:BIDid:9029
Trust: 1.1
db:JVNDBid:JVNDB-2003-000343
Trust: 0.8
db:REDHATid:RHSA-2003:305
Trust: 0.6
db:REDHATid:RHSA-2003:307
Trust: 0.6
db:DEBIANid:DSA-415
Trust: 0.6
db:BUGTRAQid:20031114 QUAGGA REMOTE VULNERABILITY
Trust: 0.6
db:CNNVDid:CNNVD-200312-062
Trust: 0.6
sources:
            
            
            BID: 9029 // 
            
            
            
            JVNDB: JVNDB-2003-000343 // 
            
            
            
            CNNVD: CNNVD-200312-062 // 
            
            
            
            NVD: CVE-2003-0795

REFERENCES
url:http://www.redhat.com/support/errata/rhsa-2003-307.html
Trust: 1.6
url:http://www.redhat.com/support/errata/rhsa-2003-305.html
Trust: 1.6
url:http://www.debian.org/security/2004/dsa-415
Trust: 1.6
url:http://secunia.com/advisories/10563
Trust: 1.6
url:http://marc.info/?l=bugtraq&m=106883387304266&w=2
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0795
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0795
Trust: 0.8
url:http://www.securityfocus.com/bid/9029
Trust: 0.8
url:http://marc.theaimsgroup.com/?l=bugtraq&m=106883387304266&w=2
Trust: 0.6
url:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000789
Trust: 0.3
url:http://archives.neohapsis.com/archives/vendor/2004-q1/0011.html
Trust: 0.3
url:http://www.quagga.net/
Trust: 0.3
url:http://rhn.redhat.com/errata/rhsa-2003-305.html
Trust: 0.3
url:/archive/1/344491
Trust: 0.3
sources:
            
            
            BID: 9029 // 
            
            
            
            JVNDB: JVNDB-2003-000343 // 
            
            
            
            CNNVD: CNNVD-200312-062 // 
            
            
            
            NVD: CVE-2003-0795

CREDITS
Red Hat Security Advisory
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200312-062

SOURCES
db:BIDid:9029
db:JVNDBid:JVNDB-2003-000343
db:CNNVDid:CNNVD-200312-062
db:NVDid:CVE-2003-0795

LAST UPDATE DATE
2022-05-04T09:27:10.240000+00:00

SOURCES UPDATE DATE
db:BIDid:9029date:2009-07-12T00:56:00
db:JVNDBid:JVNDB-2003-000343date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200312-062date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0795date:2016-10-18T02:37:00

SOURCES RELEASE DATE
db:BIDid:9029date:2003-11-12T00:00:00
db:JVNDBid:JVNDB-2003-000343date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200312-062date:2003-11-12T00:00:00
db:NVDid:CVE-2003-0795date:2003-12-15T05:00:00