← back
CVE-2003-0795

CVE-2003-0795

EPSS 8.2%
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/23375unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=106883387304266&w=2http://secunia.com/advisories/10563http://www.debian.org/security/2004/dsa-415http://www.redhat.com/support/errata/RHSA-2003-305.htmlhttp://www.redhat.com/support/errata/RHSA-2003-307.html