CVE-2003-0795

Description

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

Affected products

• gnu / zebra0.91a – 0.91a
• gnu / zebra0.92a – 0.92a
• gnu / zebra0.93a – 0.93a
• gnu / zebra0.93b – 0.93b
• Quagga / quagga0.96.3
• Quagga / quagga0.95 – 0.95
• Quagga / quagga0.96 – 0.96
• Quagga / quagga0.96.1 – 0.96.1
• Quagga / quagga0.96.2 – 0.96.2
• sgi / propack2.2.1 – 2.2.1
• sgi / propack2.3 – 2.3

References

• MISChttp://www.redhat.com/support/errata/RHSA-2003-305.html
• MAILING_LISThttp://marc.info/?l=bugtraq&m=106883387304266&w=2
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-415
• VENDOR_ADVISORYhttp://secunia.com/advisories/10563
• MISChttp://www.redhat.com/support/errata/RHSA-2003-307.html