VAR-200312-0227
Vulnerability from variot - Updated: 2022-05-04 09:27The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. GNU Zebra A password is set, and zebra If the connection to the module's management port is valid: telnet Sending an undefined code that does not exist as an option when connecting will cause a segmentation violation, zebra A vulnerability exists that causes the daemon to crash.zebra Daemon interferes with service operation (DoS) It may be in a state. It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer. All versions of GNU Zebra are said to be vulnerable to this issue. All versions of Quagga prior to 0.96.4 are also vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.96"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.6,
"vendor": "quagga",
"version": "0.95"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.3"
},
{
"model": "propack",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "2.2.1"
},
{
"model": "zebra",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "0.92a"
},
{
"model": "zebra",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "0.91a"
},
{
"model": "quagga",
"scope": "lte",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.3"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.2"
},
{
"model": "quagga",
"scope": "eq",
"trust": 1.0,
"vendor": "quagga",
"version": "0.96.1"
},
{
"model": "zebra",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "0.93a"
},
{
"model": "zebra",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "0.93b"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "9"
},
{
"model": "quagga",
"scope": "eq",
"trust": 0.6,
"vendor": "quagga",
"version": "0.96.3"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.3"
},
{
"model": "routing software suite",
"scope": "eq",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.2"
},
{
"model": "zebra b",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.93"
},
{
"model": "zebra a",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.93"
},
{
"model": "zebra a",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.92"
},
{
"model": "zebra a",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "0.91"
},
{
"model": "routing software suite",
"scope": "ne",
"trust": 0.3,
"vendor": "quagga",
"version": "0.96.4"
}
],
"sources": [
{
"db": "BID",
"id": "9029"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000343"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-062"
},
{
"db": "NVD",
"id": "CVE-2003-0795"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.96.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0795"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-062"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0795",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2003-0795",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0795",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200312-062",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000343"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-062"
},
{
"db": "NVD",
"id": "CVE-2003-0795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. GNU Zebra A password is set, and zebra If the connection to the module\u0027s management port is valid: telnet Sending an undefined code that does not exist as an option when connecting will cause a segmentation violation, zebra A vulnerability exists that causes the daemon to crash.zebra Daemon interferes with service operation (DoS) It may be in a state. It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer. \nAll versions of GNU Zebra are said to be vulnerable to this issue. All versions of Quagga prior to 0.96.4 are also vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0795"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000343"
},
{
"db": "BID",
"id": "9029"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0795",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "10563",
"trust": 1.6
},
{
"db": "BID",
"id": "9029",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000343",
"trust": 0.8
},
{
"db": "REDHAT",
"id": "RHSA-2003:305",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:307",
"trust": 0.6
},
{
"db": "DEBIAN",
"id": "DSA-415",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20031114 QUAGGA REMOTE VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200312-062",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "9029"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000343"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-062"
},
{
"db": "NVD",
"id": "CVE-2003-0795"
}
]
},
"id": "VAR-200312-0227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1590909
},
"last_update_date": "2022-05-04T09:27:10.240000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2003:307",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-307.html"
},
{
"title": "RHSA-2003:307",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-307j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000343"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0795"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-307.html"
},
{
"trust": 1.6,
"url": "http://www.redhat.com/support/errata/rhsa-2003-305.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2004/dsa-415"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/10563"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=106883387304266\u0026w=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0795"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0795"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/9029"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106883387304266\u0026w=2"
},
{
"trust": 0.3,
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000789"
},
{
"trust": 0.3,
"url": "http://archives.neohapsis.com/archives/vendor/2004-q1/0011.html"
},
{
"trust": 0.3,
"url": "http://www.quagga.net/"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2003-305.html"
},
{
"trust": 0.3,
"url": "/archive/1/344491"
}
],
"sources": [
{
"db": "BID",
"id": "9029"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000343"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-062"
},
{
"db": "NVD",
"id": "CVE-2003-0795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "9029"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000343"
},
{
"db": "CNNVD",
"id": "CNNVD-200312-062"
},
{
"db": "NVD",
"id": "CVE-2003-0795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-11-12T00:00:00",
"db": "BID",
"id": "9029"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000343"
},
{
"date": "2003-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-062"
},
{
"date": "2003-12-15T05:00:00",
"db": "NVD",
"id": "CVE-2003-0795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-07-12T00:56:00",
"db": "BID",
"id": "9029"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000343"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200312-062"
},
{
"date": "2016-10-18T02:37:00",
"db": "NVD",
"id": "CVE-2003-0795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-062"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU Zebra Undefined in Telnet Service operation disruption due to connection options (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000343"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200312-062"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…