Debian DSA-415-1 : zebra - denial of service

medium Nessus Plugin ID 15252

Synopsis

The remote Debian host is missing a security-related update.

Description

Two vulnerabilities were discovered in zebra, an IP routing daemon:

- CAN-2003-0795 - a bug in the telnet CLI could allow a remote attacker to cause a zebra process to crash, resulting in a denial of service.
- CAN-2003-0858 - netlink messages sent by other users (rather than the kernel) would be accepted, leading to a denial of service.

Solution

For the current stable distribution (woody) this problem has been fixed in version 0.92a-5woody2.

The zebra package has been obsoleted in the unstable distribution by GNU Quagga, where this problem was fixed in version 0.96.4x-4.

We recommend that you update your zebra package.

See Also

http://www.debian.org/security/2004/dsa-415

Plugin Details

Severity: Medium

ID: 15252

File Name: debian_DSA-415.nasl

Version: 1.20

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:zebra, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 1/6/2004

Reference Information

CVE: CVE-2003-0795, CVE-2003-0858

BID: 9029

DSA: 415