header-logo
Suggest Exploit
vendor:
Zebra and Quagga
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Denial of Service
399
CWE
Product Name: Zebra and Quagga
Affected Version From: All versions of GNU Zebra
Affected Version To: All versions of Quagga prior to 0.96.4
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2002

Remote Denial of Service Vulnerability in Zebra and Quagga

It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer.

Mitigation:

Disable the telnet management port or use a strong password.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9029/info

It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer.

All versions of GNU Zebra are said to be vulnerable to this issue. All versions of Quagga prior to 0.96.4 are also vulnerable. 

printf '\xff\xf0\xff\xf0\xff\xf0' | nc <host> <port>

Navigation

Suggest Exploit

Services By CQR