CVE-2003-0795
published 2003-12-15CVE-2003-0795: The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which…
medium5CVSS 3.1
AVNACLAuNCNINAP
EXPLOIT
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnu | zebra | — | — |
| gnu | zebra | — | — |
| gnu | zebra | — | — |
| gnu | zebra | — | — |
| quagga | quagga | <= 0.96.3 | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| quagga | quagga | — | — |
| sgi | propack | — | — |
| sgi | propack | — | — |