var-200312-0227
Vulnerability from variot

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. In GNU Zebra, when a password is set and connections to the zebra module's management port are allowed, sending an undefined code that does not exist as a telnet option while connecting causes a segmentation violation that crashes the zebra daemon. The zebra daemon's service operation may be disrupted as a result (DoS). It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer. All versions of GNU Zebra are said to be vulnerable to this issue. All versions of Quagga prior to 0.96.4 are also vulnerable.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200312-0227",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quagga",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "quagga",
        "version": "0.96"
      },
      {
        "model": "quagga",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "quagga",
        "version": "0.95"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "2.3"
      },
      {
        "model": "propack",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "sgi",
        "version": "2.2.1"
      },
      {
        "model": "zebra",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "0.92a"
      },
      {
        "model": "zebra",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "0.91a"
      },
      {
        "model": "quagga",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "quagga",
        "version": "0.96.3"
      },
      {
        "model": "quagga",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "quagga",
        "version": "0.96.2"
      },
      {
        "model": "quagga",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "quagga",
        "version": "0.96.1"
      },
      {
        "model": "zebra",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "0.93a"
      },
      {
        "model": "zebra",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "0.93b"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "8.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "9"
      },
      {
        "model": "quagga",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "quagga",
        "version": "0.96.3"
      },
      {
        "model": "routing software suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "quagga",
        "version": "0.96.3"
      },
      {
        "model": "routing software suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "quagga",
        "version": "0.96.2"
      },
      {
        "model": "zebra b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.93"
      },
      {
        "model": "zebra a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.93"
      },
      {
        "model": "zebra a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.92"
      },
      {
        "model": "zebra a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0.91"
      },
      {
        "model": "routing software suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "quagga",
        "version": "0.96.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "9029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0795"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.96.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0795"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat Security Advisory",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0795",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2003-0795",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0795",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200312-062",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0795"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. GNU Zebra A password is set, and zebra If the connection to the module\u0027s management port is valid: telnet Sending an undefined code that does not exist as an option when connecting will cause a segmentation violation, zebra A vulnerability exists that causes the daemon to crash.zebra Daemon interferes with service operation (DoS) It may be in a state. It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang.  The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer. \nAll versions of GNU Zebra are said to be vulnerable to this issue.  All versions of Quagga prior to 0.96.4 are also vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      },
      {
        "db": "BID",
        "id": "9029"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2003-0795",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "10563",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "9029",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000343",
        "trust": 0.8
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:305",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:307",
        "trust": 0.6
      },
      {
        "db": "DEBIAN",
        "id": "DSA-415",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20031114 QUAGGA REMOTE VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-062",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "9029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0795"
      }
    ]
  },
  "id": "VAR-200312-0227",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1590909
  },
  "last_update_date": "2022-05-04T09:27:10.240000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "RHSA-2003:307",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-307.html"
      },
      {
        "title": "RHSA-2003:307",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-307j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0795"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-307.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-305.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.debian.org/security/2004/dsa-415"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/10563"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=106883387304266\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0795"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0795"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/9029"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106883387304266\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000789"
      },
      {
        "trust": 0.3,
        "url": "http://archives.neohapsis.com/archives/vendor/2004-q1/0011.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.quagga.net/"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-305.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/344491"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "9029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0795"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "9029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0795"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-11-12T00:00:00",
        "db": "BID",
        "id": "9029"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      },
      {
        "date": "2003-11-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      },
      {
        "date": "2003-12-15T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0795"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-07-12T00:56:00",
        "db": "BID",
        "id": "9029"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      },
      {
        "date": "2016-10-18T02:37:00",
        "db": "NVD",
        "id": "CVE-2003-0795"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GNU Zebra Undefined in  Telnet Service operation disruption due to connection options  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000343"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200312-062"
      }
    ],
    "trust": 0.6
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.