GNU Zebra 0.9x / Quagga 0.96 - Remote Denial of Service

EDB-ID:

23375


Platform:

Linux

Published:

2003-11-12

source: http://www.securityfocus.com/bid/9029/info

It has been reported that Zebra, as well as Quagga, may be vulnerable to a remote denial of service vulnerability that may allow an attacker to cause the software to crash or hang. The issue is reported to occur if an attacker attempts to connect to the Zebra telnet management port while a password is enabled. The program will crash when attempting to dereference an invalid, possibly NULL, pointer.

All versions of GNU Zebra are said to be vulnerable to this issue. All versions of Quagga prior to 0.96.4 are also vulnerable. 

printf '\xff\xf0\xff\xf0\xff\xf0' | nc <host> <port>