First published: Tue Nov 18 2003(Updated: )
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Quagga Quagga | =0.95 | |
Gnu Zebra | =0.92a | |
Quagga Quagga | =0.96.1 | |
SGI ProPack | =2.2.1 | |
Gnu Zebra | =0.93b | |
SGI ProPack | =2.3 | |
Gnu Zebra | =0.91a | |
Quagga Quagga | <=0.96.3 | |
Quagga Quagga | =0.96.2 | |
Gnu Zebra | =0.93a | |
Quagga Quagga | =0.96 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.